On Wed, Jul 26, 2017 at 12:46:11PM +0200, Romain Francoise wrote: > On Sun, Jul 23, 2017 at 03:05:40PM +0200, Salvatore Bonaccorso wrote: > > This issue has been fixed upstream in 4.9.1, according to > > http://www.tcpdump.org/tcpdump-changes.txt > > Yes, thanks, I will upload to unstable shortly. > > If this is still no-dsa, I will try to get it fixed in stable via s-p-u.
That particular CVE ID is no-dsa by itself, but there's been new issues reported (not yet in the BTS, also not sure whether upstream has acted on those): https://security-tracker.debian.org/tracker/CVE-2017-11541 https://security-tracker.debian.org/tracker/CVE-2017-11542 https://security-tracker.debian.org/tracker/CVE-2017-11543 https://security-tracker.debian.org/tracker/CVE-2017-11544 https://security-tracker.debian.org/tracker/CVE-2017-11545 Next point updates are quite some time afar, so let's wait a bit until those new ones have been investigated further. Cheers, Moritz
