Hi Salvatore, Thanks for the ping and the actual ICU bug link.
On Fri, Nov 18, 2016 at 3:34 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > According to https://bugzilla.redhat.com/show_bug.cgi?id=1377361#c5 > there is now an upstream bug about the issue, but unfortunately for > some reason it is still marked as private. > > http://bugs.icu-project.org/trac/ticket/12745 That's for two weeks now! I don't see a reason why this vulnerability takes such long to fix in ICU. :( Hopefully it will be open in time for Stretch. :-/ Cheers, Laszlo/GCS