Hi, On Thu, May 16, 2019 at 09:53:36AM +0530, Gunjan Gupta wrote: > Hi Paul, > > The changelog of the latest rsync package available in stretch does say > that these are fixed, but I can still see that stretch is shown as > vulnerable on the security tracker. > > https://security-tracker.debian.org/tracker/CVE-2016-9840 > > If these are fixed, could you please get the security tracker updated?
YOu are right the CVE-2016-9840 patch seems to be applied as well in the stretch point release update. I have updated the security-tracker information. Regards, Salvatore

