On Tue, Apr 27, 2021 at 10:02:13AM -0600, Mike Markley <m...@markley.org> wrote: > I do see that there's a recent PR upstream to fix this CVE: > https://github.com/ScrollZ/ScrollZ/pull/26
I see that this PR has now been merged. I rebuilt 2.2.3-1 with the ctcp.c portion of the patch locally, but I haven't installed it yet as I don't have exploit code to test against the old build (I'd like to verify that it crashes my client before upgrading). I don't actually know the procedures for a security update, in any case. so if anyone has advice on next steps, I'd appreciate it. -- Mike Markley <m...@markley.org>