On 01/08/15 19:56, Moritz Mühlenhoff wrote: > since jessie is frozen, only a targeted security fix > would be allowed by the release team anyway. Can you > please prepare one?
I know but was waiting for upstream to feel comfortable enough with the fix to push the release while also working on back porting in myself. However the real key is it doesn't actually look like the version, 20120410-2, in sid, jessie, wheezy is affected by the CVE-2014-9482. The CVE is explicitly calls out versions: dwarf-20130126 to dwarf-20140805. I've been trying to use the new regression test to verify that 20120410-2 but have not been able to verify that yet. Troy
signature.asc
Description: Digital signature
