On January 2, 2020 3:50:46 PM UTC, Salvatore Bonaccorso <car...@debian.org> wrote: >If you fix the vulnerability please also make sure to include the >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
There is no upstream release which includes this fix (except for the 1.0.2 series). Should we quickly address this or is it okay to wait for the next upstream release? I could do this if this is preferred given that this is fixed in Stretch. >Regards, >Salvatore -- Sebastian