On Sun, Dec 04, 2016 at 12:07:14PM +0100, Guido Günther wrote: > Hi Ben, > On Sat, Dec 03, 2016 at 08:36:49PM -0600, Benjamin Kaduk wrote: > > > > Have you determined whether the regular Debian Security Team is interested > > in addressing these issues in jessie? Though carnil@ requested the > > CVE number assignment, I do not see a debian bug for the issue and have > > not (yet?) been in contact with the security team about it. It seems like > > it would be rather strange for a fix to go into wheezy but not jessie.... > > I've just filed the bug (which I forgot to do before sending the > mail) I think the security team will follow up shortly.
As an FYI for those following the issue, I had a separate thread with the security team, and the consensus seems to be no DSA for this bug, but we will try to get a SRU ready. -Ben
