Hi, I have not reviewed the whole patch but the following appeared on my redar while reviewing:
On Sun, Jun 09, 2019 at 05:09:15PM +0900, Kentaro Hayashi wrote: > + [ Kentaro Hayashi ] > + * Non-maintainer upload. > + * d/patches/CVE-2019-11502.patch: fix unintended access to a private /tmp > + directory. (Closes: #928052) This should not close the bug yet as it only adresses CVE-2019-11502. #928052 both tracks CVE-2019-11502 CVE-2019-11503. So onless I miss smoething the changes to fix CVE-2019-11503 are missing yet. Regards, Salvatore