Thank you Salvatore for submitting this important bug. I have sent this information to upstream and I have read the information you provided. It is the first time I have to deal with a security bug, so I do not know the right procedure to follow.
I suppose there is a script or procedure to check whether the patch version has the problem fixed or not. I let you to know if upstream gives a patch. Sincerely, Jose P.S.: I have some knowledge of programming but I do not know whether I would be able to produce a patch on time for the upcoming bullseye release.
