On Mon, Mar 27, 2017 at 08:41:55AM +0100, Chris Lamb wrote: > Hi Mark, > > > 1.7.6+deb7u1 is now available from http://hindley.org.uk/~mark/debian > > Very happy to review, upload and announce this. :) > > However, before I do, did you request a CVE? No worries if not, I will just > wait > forit to be assigned if you have.
No, I haven't. The initial report was sent in privately from an external third party via Eduard Bloch, the apt-cacher-ng maintainer. Debian security maintainers have opened bug #858739 to have a BTS reference in lieu. Many thanks. Mark
