Then it does not affect Debian. I did not know this detail as I am not the user of this package. I thought it is better to report this issue to get information public. I can add this detail to Debian security tracker and close this bug. - Henri Salo