Hi Gabriel, On Thu, Feb 16, 2023 at 11:37:57PM +0100, Gabriel Corona wrote: > Hi, > > Thanks for the patch!
Thanks for staying on top of the issue! > > This has been fixed in Debian testing and sid. However, stable is still > affected. I believe it would make sense to port the patch to stable and > allocate a CVE for this. The last upload to unstable as NMU was for me personally to near to the point release before christmas. A while has passed, and have now proposed the same change for bullseye as well, cf. #1031527. Thanks for pinging again on it, much appreciated! So the issue will/should be fixed as well with the upcoming point release. There is no CVE assigned, if you feel strong about it, can you try to get one allocated by MITRE via the cveform? I think we won't go trough the needed workflow to assign a Debian specific CVE id for it. But we will see what MITRE will respond on the request. Regards, Salvatore
