>> Should we mark old-stable as not affected given the remark that the >> vulnerability is exploitable since v230?
>> https://security-tracker.debian.org/tracker/CVE-2018-16864 > I do not think so, not-affected would mean the issue is not present. > CVE-2018-16864 though is introduced in v203 itself (see the Qualys > report). Maybe it needs to be discussed in the context of v215 if it > needs a corresponding update or not (that is no-dsa/ignored). As of now all three recent CVEs are marked as "vulnerable" for jessie. Is there a chance that these will get fixed for jessie? _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
