severity 700923 important
thanks

Hi,

I find it unlikely that in serious deployments remote cib management would be enabled for untrusted connections. This kind of management usually happens over separate networks or is appropriately guarded by other controls. And where not, the worst result is a DoS which gets immediately noticed and is quickly fixable by adding said controls or disabling remote management.

I believe this to be a low-risk issue and therefore don't think we need to issue a DSA for it. If a straightforward patch should surface, it can and should be fixed in a spu and for wheezy.

Cheers,
Thijs