Hi Moritz & Chris, On Tue, Dec 08, 2020 at 02:37:14PM +0000, Chris Lamb wrote: > Hi Moritz, > > > CVE-2019-20218 isn't fixed in Stretch/LTS. Running the reproducer: >
Thanks for reporting this. It seems I overlooked something in my update. I should have taken greater care. > > Roberto, can you follow-up on this? > I have claimed the package in dla-needed.txt. I will get this straightened out (including properly confirming that the vulnerability is fixed) in the coming days. Regards, -Roberto -- Roberto C. Sánchez
