Hi Utkarsh et al.,
> Unless there's a CVE assigned for this, should I really be fixing it
> and announcing the update?
This might be conflating cause and effect. Let me ask a question in
return - did you consider applying for a CVE? If we cannot justify
applying for one on grounds of severity then by that very fact it
won't be worth fixing in Jessie LTS.
(Getting a CVE is somewhat easier than you think and my the first CVE
I was assigned was actually a nice little badge of honour.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
