If the version in Debian is not affected by this bug, you can of 
course close or downgrade this bug. 

Note that I have never used sage and don't know how it works, but from 
your description it sounds like disabling HTML mode would take care 
of many potential vulnerabilities. So I don't see any reason not to 
release the current version with etch.

However, if you uploaded a new version with HTML mode enabled you need 
to be very sure that the sanitization works. Maybe it would be a good 
idea to delay this upload past etch release or prevent it from 
reaching etch by filing a (versioned) RC bug.

Of course, if you think that the current version is not fit to be 
released with etch, then you should ask debian-release to remove it.
You can also file a separate severity serious bug report saying that 
you think it unfit for release.

Cheers,
Stefan
