I have received a very simple patch from the upstream developers (perhaps) fixing just a minor issue regarding one of the several reported security issues.
I'm giving up here trying to get a security patch. There are way too many changes across the versions and upstream doesn't have resources to figure out the exact patches and backport them to 1.8.2. So (@security team) what do we do? Live with it? Maintain a backport? Drop the package? I'm screwed… …Christoph -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
