Comment 2 for bug 1706900

Please bump the importance to "High". This is a trivially and remotely exploitable authentication bypass, and it's classified "Critical" upstream, and "High" over at Debian.

This bug was raised and fixed upstream last year. Debian backported the fix in January. Since when are you aware of it?