On Mon, 15 Apr 2013, Sam Hartman wrote:
"Tom" == Tom Yu <t...@mit.edu> writes:
Tom> Sam Hartman <hartm...@debian.org> writes:
>> My recommendation is that this is not worth a DSA or stable fix
>> for squeeze unless some Debian user comes forward and says that
>> they're seeing crashes in the wild related to this.
>>
>> --Sam
Tom> Keep in mind that unmodified client software can trivially
Tom> trigger this vulnerability. I can do an explicit check of the
Tom> trigger against the 1.8 branch if you'd like confirmation.
I understand.
Having seen the reproducer, I am of the opinion that this bug should get
fixed in stable.
I am planning to prepare a candidate stable upload (which may include
another bugfix if it seems appropriate) later this week for consideration.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
