On Thu, Apr 27, 2017 at 10:55:51AM +0200, Bolesław Tokarski wrote: > I'm curious to see the version scope/some proof of a particular version not > being affected by CVE-2016-10328.
See https://security-tracker.debian.org/tracker/CVE-2016-10328 > The reason I'm asking is because I'm maintaining a backport of the jessie > 2.5.2-3 to wheezy and it seems that jessie one did not receive any of the > mentioned CVE fixes despite the debian-lts team prepared another patch for > 2.4.9 already. CVE-2016-10244 was only scheduled for the next point release due to low impact, but in the light of the new CVE-2017-8105, it'll be fixed in a DSA as well. Cheers, Moritz
