On 2017-07-01 16:36 -0400, Perry E. Metzger wrote: > Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was > first announced to the public about four or five days ago, not sure > when it would have been announced to the security team. > > Am I correct in interpreting this: > https://security-tracker.debian.org/tracker/CVE-2017-9445 > as meaning a fix to it still isn't in sid, and therefore is not > yet in the process of percolating down to stretch?
That seems to be correct. > Is there a preferred way of temporarily mitigating the problem? Yes, don't use systemd-resolved in the first place. As mentioned in the tracker, systemd-resolved is not enabled by default in Debian, therefore the problem is not treated as urgent. Cheers, Sven