On Jan 25, 2016 4:49 PM, "Ben Hutchings" <ben@decadent.org.uk> wrote:
>
> On Mon, 2016-01-25 at 15:23 -0800, Zachary Loafman wrote:
> > Can this issue be treated with high importance?
>
> You would have got a faster response if you had reported the bug
> against a real package name in the first place.
Apologies, I'm not actually original reporter. I was notified of the bug report today and it matches something we found in internal testing after using an image that had the CVE fixed. Anyone who updates to fix that CVE may run across the same.