[debian-security@ is totally unrelated here, if you want to reach the
Security team the correct address is [email protected]]

On Wed, Mar 18, 2020 at 06:14:36PM +0100, Sylvain Beucler wrote:
> I excluded 3 out of 8 packages. I only added packages that actually
> contain the impacted code (VNC client connection, using original RealVNC
> codebase).

"Contains the impacted code" is not the relevant criterion here, it's
"contains the impacted code and the respective library function can be
triggered in a security-relevant scenario/trust boundaries are crossed".

Cheers,
        Moritz
