Hi Salvatore, On Sun, Dec 30, 2018 at 09:38:57AM +0100, Salvatore Bonaccorso wrote: > > There is an alternative approach wich was raised by Magnus in the > respective bug: https://bugs.debian.org/914632#12 (and see followup > from Moritz). >
I suppose I should have looked more carefully at the bugs associatd with CVE-2018-19518 and subscribed to this one. Thank you for pointing it out to me. The suggestion from Magnus is certainly less likely than mine to allow for a future exploit of the same mechanism via different means. Magnus, Would you prefer to handle the jessie update? If not, I will wait until you have patch ready and I can build/upload for jessie and release the corresponding advisory. Regards, -Roberto -- Roberto C. Sánchez
