Hi, Hugo Lefeuvre wrote: > Anyways, 4.3.29 introduced quite a few regressions[0], we should probably wait > for 4.3.30.
I would neither upload 4.3.29 nor 4.3.30 to Jessie but only the minimal patch plus the hostname regex regression patch as I do for Stretch and Buster. Also someone needs first to verify that the Xymon upstream version in Jessie (IIRC 4.3.17) is actually vulnerable. Upstream didn't specify if any version before 4.3.28 is affected, too. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE