On Dec/13, Uwe Kleine-König wrote: > I had the impression that the 2nd might be bad, too. There is no > public exploit available, but AFAIK writing to unallocated memory is > dangerous?
Yes, it is, you're right. But the first one is such an obvious flaw, that it doesn't require any sort of creativity to exploit :) Anyway, we want them both fixed. > Yeah, I wondered if the version is right and trusted dch --security to > do the right thing. Find below a debdiff using +deb8u1 Perfect, you can upload to security-master (no source-only though). Also, make sure you build with -sa, as it will be new on that host. Cheers, --Seb
