If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.
fixed by the upstream patch 232557c9e5a24f5dbd18ad9a2106cafb74e4e0cf Paolo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org