(In reply to Karol Babioch from comment #1) > Factory already contains 4.3.1, which is contains the fix for this > vulnerability. Other codestreams (15.x, 42.3) however are still based on > older versions and are affected by this. ...which is why I left the original bugs open. Do we really need to have five more bugs just for the backports?