Hi Salvatore, Thanks for the update. I still can see CVE-2016-9840 as vulnerable for stretch on security tracker. May be its just taking time to update.
I will check and confirm again after couple of hours. Thanks & Regards Gunjan Gupta On Thu, May 16, 2019, 2:54 PM Salvatore Bonaccorso <car...@debian.org> wrote: > Hi, > > On Thu, May 16, 2019 at 09:53:36AM +0530, Gunjan Gupta wrote: > > Hi Paul, > > > > The changelog of the latest rsync package available in stretch does say > > that these are fixed, but I can still see that stretch is shown as > > vulnerable on the security tracker. > > > > https://security-tracker.debian.org/tracker/CVE-2016-9840 > > > > If these are fixed, could you please get the security tracker updated? > > YOu are right the CVE-2016-9840 patch seems to be applied as well in > the stretch point release update. > > I have updated the security-tracker information. > > Regards, > Salvatore >
