oss-sec mailing list archives
Re: CVE-2016-2848 has been disclosed.
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 20 Oct 2016 23:07:52 +0200
* Michael McNally:
Since information concerning the vulnerability, including a reproduction script, exists in a public bug repository we urge you to update vulnerable binary packages as soon as possible.
This is in reference to this Debian bug: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839051> I assumed it was a Debian-specific backporting problem, affecting only the LTS branch of the previous (non-current) stable release. It did not occur to me that this was an independent bugfix which happened upstream some time ago, and that affected software versions are still widely deployed.
Current thread:
- CVE-2016-2848 has been disclosed. Michael McNally (Oct 20)
- Re: CVE-2016-2848 has been disclosed. Florian Weimer (Oct 20)