On Mon, 22 Dec 2014, Gianfranco Costamagna wrote: > Hi dear Raphael, > > fortunately oldstable is almost unaffected by this kind of CVEs, because > almost all of them > refers to code written after the squeeze release, anyway here we go, this > should be the only > patch useful for squeeze folks
Thanks for the info! So the only remaining CVE would be https://security-tracker.debian.org/tracker/CVE-2014-9380 and https://security-tracker.debian.org/tracker/CVE-2014-9381 for the CVS dissector. BTW, https://security-tracker.debian.org/tracker/CVE-2014-9376 mentions also ec_dhcp.c which is present in the squeeze version. Do you confirm that it is also unaffected? And also https://security-tracker.debian.org/tracker/CVE-2014-9378 mentions ec_imap.c which is present in the squeeze version. Do you also confirm that it is unaffected? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
