On Sat, May 25, 2019 at 09:08:32AM +0100, Chris Lamb wrote:
> Hey,
>
> > > The following vulnerability was published for minissdpd.
> > >
> > > CVE-2019-12106[0]:
> > > | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and
> > > | 1.5 allows a remote attacker to crash the process due to a Use After
> > > | Free vulnerability.
> […]
> > Chris, thanks for your proposal to update Stretch, I very much
> > appreciate it.
>
> Another gentle ping, security team?
This doesn't warrant a DSA, feel free to fix it via a point release instead.
Cheers,
Moritz
