Stephen Gran <sgran@debian.org> writes: > I am under the impression that 'normal procedures' does not involve > updating the application to catch new threats. If I'm wrong, then there > is no need for this entire thread. Talk to the security team. Talk to the security team. Talk to the security team.