On Sun, Apr 01, 2018 at 10:52:59PM +0200, László Böszörményi (GCS) wrote:
> Hi Moritz,
>
> On Sun, Apr 1, 2018 at 10:38 PM, Moritz Muehlenhoff <j...@debian.org> wrote:
> > Package: thrift-compiler
> > Severity: grave
> > Tags: security
> >
> > This was assigned CVE-2016-5397:
> > https://issues.apache.org/jira/browse/THRIFT-3893
> This affects the Go compiler component only if I see it right. That's
> packaged only with 0.9.3-2 and later versions. As such, it affects
> only thrift which is still in experimental only. I need to check every
> usage scenario of course - but I'm going to do that in daytime and not
> at the moment. :-/
Thanks, I wasn't aware of that. If you can confirm that, please update the
security tracker to mark it as not-affected.
Cheers,
Moritz
