Hello Jeroen,

I also cannot reproduce any exploit with points 1,2. Given that the full
upstream fix has been backported to Debian, and also considering the
quality of the referenced report, I think it's safe to say that this
vulnerability is indeed fixed.

Unfortunately, upstream doesn't mention CVE ids in its security tracker.



Thijs


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to