Date: Thu, 20 Oct 2016 23:07:52 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-2848 has been disclosed. * Michael McNally: > Since information concerning the vulnerability, including > a reproduction script, exists in a public bug repository > we urge you to update vulnerable binary packages as soon > as possible. This is in reference to this Debian bug: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839051> I assumed it was a Debian-specific backporting problem, affecting only the LTS branch of the previous (non-current) stable release. It did not occur to me that this was an independent bugfix which happened upstream some time ago, and that affected software versions are still widely deployed.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.