Hello, it's 2016 and this "bug" is still there. I have nginx from jessie-backports ( 1.9.10-1~bpo8+1 ) which is not affected by this CVE - https://security-tracker.debian.org/tracker/CVE-2016-0746 - but debsecan still says I have affected version.
For detecting backports - they now have "~bpo" in their version. Regards, Marqin
