Hi, sorry for initially messing up the release names. This issue and the attached debdiff should target stretch alias stable.
I just filed another similar issue for jessie: #873877. Unstable already got the security fix with 1:2017.2.1+dfsg-4. The original security issue reported by Florent is #873439 (CVE-2017-13709 [0]). Kind Regards Markus Wanner [0]: https://security-tracker.debian.org/tracker/CVE-2017-13709
signature.asc
Description: OpenPGP digital signature
