Hi Brian
This is what I think we should do.
1) Send a new DLA telling that the fix is only partial and not complete and
in addtion that elgamal encryption is not supported by the library and
should not be used.
2) Mark the CVE as no-dsa/ignored in the security database.
Suggested DLA text. Any
On Mon, Apr 02, 2018 at 01:45:40AM +0100, Ben Hutchings wrote:
>
> I would suggest looking at how non-default compiler versions are built
> in other suites.
>
> Ben.
>
Hi Ben,
Could you provide some more specific pointers at what I should look at?
I tried looking at gcc-4.8 in jessie, but I was
