Utkarsh Gupta <guptautkarsh2...@gmail.com> writes: > I am not quite sure about what should we do here because the update (DLA > 1956-1) doesn't quite fix the CVE completely and also brings some login > problems as reported in #125. > Because for now, #121 + #126 = actual CVE fix. But the login problem > remains.
I guess we have three options: 1. Do nothing. 2. Revert the #121 patch, because it could break. I haven't seen any complaints however... 3. Apply the #126 patch too. Not 100% convinced this is a justified change for LTS, but it "looks right". 4. Wait longer for possible upstream solution to #125. Any opinions? -- Brian May <b...@debian.org>