Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Oct 2016 23:07:52 +0200
From: Florian Weimer <>
Subject: Re: CVE-2016-2848 has been disclosed.

* Michael McNally:

> Since information concerning the vulnerability, including
> a reproduction script, exists in a public bug repository
> we urge you to update vulnerable binary packages as soon
> as possible.

This is in reference to this Debian bug:


I assumed it was a Debian-specific backporting problem, affecting only
the LTS branch of the previous (non-current) stable release.  It did
not occur to me that this was an independent bugfix which happened
upstream some time ago, and that affected software versions are still
widely deployed.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.