On 17/06/17 16:04, Michael Biebl wrote: > On Thu, 7 Apr 2016 19:43:36 +0200 Salvatore Bonaccorso > <car...@debian.org> wrote: >> Source: network-manager >> Version: 0.9.4.0-10 >> Conrol: fixed -1 1.1.91-1 >> >> Hi, >> >> On Wed, Apr 06, 2016 at 11:25:58PM +0200, Michael Biebl wrote: >>> Hi Moritz, >>> >>> Am 06.04.2016 um 22:08 schrieb Moritz Muehlenhoff: >>>> Hi Michael, >>>> there's CVE-2016-0764 for network-manager: >>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f >>>> (1.2-beta2) >>>> >>>> It's also fixed in 1.0.12: >>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.12 >>>> >>>> This doesn't warrant a DSA, but you can fix it through a jessie >>>> point update. >>> >>> Could you turn this into a bug report please, otherwise I'll most >>> certainly forget. >> >> Forwarding this to the BTS. > > With stretch being released any moment now, this will have to be handled > as a debian-lts / oldstable upload. > > CCing the debian-lts mailing list, in case they want to make an upload > for this issue (it's not DSA tracked)
jessie is not handled by the LTS team yet. Besides it's still open, you can do a jessie-pu upload. Cheers, Emilio