Hi Debian Security Team,
I am inquiring on Debian Bullseye as it relates to:
https://security-tracker.debian.org/tracker/CVE-2019-8457
Specifically, it is noted the team has put in a good faith effort in
analyzing the feasibility of backporting relevant patches to Bullseye,
and classifying the urgency of such effort. My read of this so far is
that it's a debug mode only exposure, normally disabled in production
(by default).
With that said, for those environment who are using Bullseye, outside of
the amount of changes required for the backport, is there any technical
'gotchas' or further advice the team could provide for those who are
considering a self-maintain of relevant patches from bookworm / sid into
Bullseye while the discussion continues on this?
Thanks!
- Chris Peñalver
christopher.m.penal...@gmail.com
