On Sun, Apr 01, 2018 at 10:52:59PM +0200, László Böszörményi (GCS) wrote: > Hi Moritz, > > On Sun, Apr 1, 2018 at 10:38 PM, Moritz Muehlenhoff <j...@debian.org> wrote: > > Package: thrift-compiler > > Severity: grave > > Tags: security > > > > This was assigned CVE-2016-5397: > > https://issues.apache.org/jira/browse/THRIFT-3893 > This affects the Go compiler component only if I see it right. That's > packaged only with 0.9.3-2 and later versions. As such, it affects > only thrift which is still in experimental only. I need to check every > usage scenario of course - but I'm going to do that in daytime and not > at the moment. :-/
Thanks, I wasn't aware of that. If you can confirm that, please update the security tracker to mark it as not-affected. Cheers, Moritz