I checked that the CVE patches have been applied upstream.

-- 
Vincent Legoll