RFC: fixing ming vulnerabilities them marking ming as not supported
Dear LTS Team,
Since ming is still being used on many systems  of I have prepared
fixes for the known vulnerabilities  and upstreamed them.
While preparing the fixes I could not avoid noticing the lack of
proper input checking at numerous other places which could be
exploited for various kinds of attacks.
I have closed many security holes, but there are still way more than
we could handle thus I suggest marking ming as not supported in the
Before doing so I would happily update the package with the patches I
have already prepared and issue a DLA also mentioning that the package
is still not safe to use on untrusted data.
What do you think?