On Sat, May 25, 2019 at 09:08:32AM +0100, Chris Lamb wrote: > Hey, > > > > The following vulnerability was published for minissdpd. > > > > > > CVE-2019-12106[0]: > > > | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and > > > | 1.5 allows a remote attacker to crash the process due to a Use After > > > | Free vulnerability. > […] > > Chris, thanks for your proposal to update Stretch, I very much > > appreciate it. > > Another gentle ping, security team?
This doesn't warrant a DSA, feel free to fix it via a point release instead. Cheers, Moritz