On 2018-07-11 14:25:46 [+0200], Bernd Zeimetz wrote: > Hi, Hi, > This is fixed since one year in the openssl 1.1.0 stable branch.
so I do have a little side project where I try to bring the latest 1.1.0 stable release into Debian stable via p-u for reasons like this. Do I understand this correctly that you have a fix localy and would like that it does not get lost after the next security update? If so I would leave it for now and attempt to get this closed via the p-u update or as part the next CVE fix round via security if they play along. Sebastian