Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was first announced to the public about four or five days ago, not sure when it would have been announced to the security team.
Am I correct in interpreting this: https://security-tracker.debian.org/tracker/CVE-2017-9445 as meaning a fix to it still isn't in sid, and therefore is not yet in the process of percolating down to stretch? Is there a preferred way of temporarily mitigating the problem? Remote exploitation that you can trigger by forcing a program to DNS queries seems kind of bad. Perry -- Perry E. Metzger pe...@piermont.com
