oss-sec mailing list archives

Re: CVE-2016-2848 has been disclosed.


From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 20 Oct 2016 23:07:52 +0200

* Michael McNally:

> Since information concerning the vulnerability, including
> a reproduction script, exists in a public bug repository
> we urge you to update vulnerable binary packages as soon
> as possible.

This is in reference to this Debian bug:

  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839051>

I assumed it was a Debian-specific backporting problem, affecting only
the LTS branch of the previous (non-current) stable release.  It did
not occur to me that this was an independent bugfix which happened
upstream some time ago, and that affected software versions are still
widely deployed.

