On Mon, 15 Apr 2013, Sam Hartman wrote:
"Tom" == Tom Yu <[email protected]> writes:
Tom> Sam Hartman <[email protected]> writes:
>> My recommendation is that this is not worth a DSA or stable fix
>> for squeeze unless some Debian user comes forward and says that
>> they're seeing crashes in the wild related to this.
>>
>> --Sam
Tom> Keep in mind that unmodified client software can trivially
Tom> trigger this vulnerability. I can do an explicit check of the
Tom> trigger against the 1.8 branch if you'd like confirmation.
I understand.
Having seen the reproducer, I am of the opinion that this bug should get
fixed in stable.
I am planning to prepare a candidate stable upload (which may include
another bugfix if it seems appropriate) later this week for consideration.
-Ben