Control: tags -1 + confirmed On Fri, 2019-11-29 at 09:54 +0100, Dylan Aïssi wrote: > Upstream has fixed CVE-2019-9656, this CVE is non-dsa. The patch is > already applied in jessie/buster/testing/unstable (#924350) and now I > would like to fix the Stretch version. Please find attached a > debdiff. > Please go ahead; sorry for the delay. Regards, Adam