On Wed, Nov 01, 2017 at 10:28:22PM +0000, Dylan Aïssi wrote: > > --- > commit 25174e187c6211a7e05c44c0fb3eb17556484e61 > Author: Dylan Aïssi <bob.dyb...@gmail.com> > Date: Wed Nov 1 22:47:00 2017 +0100 > > Add an upstream patch to fix CVE-2017-14731 (Closes: #877442) > > diff --git a/debian/changelog b/debian/changelog > index 9fb1aa9..103b223 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,9 @@ > +libofx (1:0.9.11-5) unstable; urgency=high > + > + * Add an upstream patch to fix CVE-2017-14731 (Closes: #877442). > + > + -- Dylan Aïssi <bob.dyb...@gmail.com> Wed, 01 Nov 2017 22:44:52 +0100
Hi Dylan, this vulnerability doesn't warrant a DSA. There's still the possibility to fix this via a stable point update [1], so I was wondering whether anything of that sort is planned by you. Cheers, Moritz [1] https://www.debian.org/doc/manuals/developers-reference/ch05.html#upload-stable