Many thanks to all for tracking this bug, adding info, coordinating with upstream, following progress, testing the fix, and thanks to Matthias for uploading the fixed upstream version.
@Matthias I think we really shouldn't release without the fix so an upgraded severity to >= serious would be appropriate for this bug. But I'll leave you judge on that. Happy hacking ! -- Aurélien