Hi Rob, On Wed, Jan 20, 2016 at 05:41:56AM -0600, Rob Browning wrote: > Rob Browning <rlb@defaultvalue.org> writes: > > > I believe the package is scheduled to be removed next week, and I'm > > still waiting on a discussion with upstream about a (non-trivial) patch > > I wrote to attempt to address the problem. > > > > So I wanted to ask for an opinion about the claim here that it might be > > reasonable to lower the severity: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808730#20 > > > > Thanks > > I just wanted to ping you, since today's the removal deadline. Yes I think we can downgrade the severity for it to important, since the attack vector is mitigated by the symlink restrictions enabled. Regards, Salvatore
Attachment:
signature.asc
Description: PGP signature