Hi Simon,

On Sat, Jun 17, 2023 at 03:22:21PM +0100, Simon McVittie wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: vte2...@packages.debian.org, debian-b...@lists.debian.org,
> t...@security.debian.org
> Control: affects -1 + src:vte2.91
>
> [ Reason ]
> Fix an infinite-loop bug processing a particular control sequence.
> (#1037919, LP: #2022019)
>
> [ Impact ]
> If unfixed, the infinite loop could be triggered by a malicious program
> accessed via ssh, telnet or similar protocols and used as a denial of
> service. I asked the security team whether they wanted to do a DSA for
> this and haven't heard back, so I'm assuming the answer is no.

Apologies, we missed replying to your question in #1037919. The point release approach does indeed look fine.

FWIW, do you know if upstream has requested a CVE for it?

Regards,
Salvatore