I ran into this security vuln while cleaning up the package, not sure if it's GLSA-worthy. I'm patching it in the tree already.
No GLSA if the package was never stable, which seems to be the case. 1.3-r4 fixes this bug, right?
yes, 1.3-r4 fixes it.
(In reply to comment #2) > yes, 1.3-r4 fixes it. > Ok, so closing. thanks for the report.