Hi, Just a quick comment on:
On Mon, Aug 08, 2016 at 06:29:30PM +1000, Brian May wrote: > I am inclined to say that no version of twisted, by itself, has this > vulnerability. However like I said earlier it is possible that > applications that use twisted have this vulnerability. Looking at the upstream ticket https://twistedmatrix.com/trac/ticket/8623 I suspect that Twisted 16.3.1 will have something to help mitigating the issue in application that use twisted. For Jessie, we do not plan to release any DSA related to this for src:twisted. Don't know if you want to follow that on LTS side. Regards, Salvatore