Moritz Mühlenhoff <jmm@inutil.org> writes: > We're tracking at as it's currently assigned by MITRE and it's their usual > practice to split out secondary angles to a separate CVE ID. As such, you > should rather reach out to them via https://cveform.mitre.org and request > a separate ID for the part that affects 1.2.x as well. Request submitted. I hope... -- Brian May <bam@debian.org>