(Resent)
Hello,
Mike Gabriel a écrit :
>
> I did not meet that issue on my test rig. I will check the recently
> upload package and report back.
FWIW, I just upgraded the isc-dhcp-server package on my i386 Squeeze
server and did not meet that issue. It only has /etc/dhcp/dhcpd.conf, no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 16 Jan 2016 10:29:40 +0100
Source: prosody
Binary: prosody
Architecture: source amd64
Version: 0.7.0-1squeeze1+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Matthew James Wild
Changed-By: Chris
jasper has a number of unfixed CVEs:
CVE-2016-1867
CVE-2015-5221
CVE-2015-5203
all of which were marked for wheezy and jessie. I understand
this for CVE-2016-1867 as that's only an out-of-bounds read, but the
other two are double-frees that I would expect to be usable for code
execution. Am I