Comment 15 for bug 1710979

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html claims that "release 3.0.0" of bzr fixes this issue, but there is no such release.

Also, it claims that Adam Collard found the issue - while it was Augie who first made mention of it.