(In reply to Marcus Meissner from comment #2) > is the CVE correct? it is quite high for a 2017 one >From http://seclists.org/oss-sec/2017/q1/21 > Use CVE-2017-5180.