Am 05.04.19 um 13:56 schrieb Francesco P. Lovergine: [...] > That should be definitively the easiest solutions. Of course 1.3.5e does > not strictly fix only those three leaks, so that update could be non > acceptable for a secteam upload.
The security team has marked this issue as no-dsa, so stretch-pu is the only route for an update now. I also tried to backport the specific fixes for those leaks first but the changes were quite invasive and time consuming. In my opinion the update to 1.3.5e is the better solution and I hope I can convince the release team.
signature.asc
Description: OpenPGP digital signature
