Control: tags -1 + confirmed On Tue, 2018-04-17 at 17:45 +0200, Laszlo Boszormenyi (GCS) wrote: > I'd like to fix CVE-2018-1000156 in patch for Stretch, which is an > arbitrary command execution in ed-style patches. > While it might be used for remote compromise, it would need a setup > to > accept patches unconditionally. But then an attacker has an easy path > already to insert vulnerable code to source files or JavaScript > injection to HTML pages, etc. Hence it doesn't warrant a DSA on its > own, but would be good to fix in a point release. >
Please go ahead. Regards, Adam
