Hi! > A while has passed, and have now proposed the same change for bullseye > as well, cf. #1031527.
Great!
There is no CVE assigned, if you feel strong about it, can you try to get one allocated by MITRE via the cveform? I think we won't go trough the needed workflow to assign a Debian specific CVE id for it. But we will see what MITRE will respond on the request.
I don't believe MITRE will accept such a request and redirect me to Debian [1].
I believe obtaining a CVE ID would be beneficial so that this issue may be tracked by downstream projects/distributions.
[1] https://www.cve.org/PartnerInformation/ListofPartners/partner/debian Regards, Gabriel