-- Begin Quote: ----------------------
From: Chris Lamb <la...@debian.org>
To: 906...@bugs.debian.org
Cc: t...@security.debian.org
Subject: Re: libxcursor: CVE-2015-9262
Date: Mon, 13 Aug 2018 08:18:27 +0100
[Message part 1 (text/plain, inline)]
Hi security team,
> libxcursor: CVE-2015-9262
I have prepared an update for stretch:
libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix a denial of service or potentially code execution via
a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)
-- Chris Lamb <la...@debian.org> Mon, 13 Aug 2018 09:09:13 +0200
Full debdiff attached. Permission to upload to stretch-security?
-- End Quote: ------------------------
Hi Chris & Security Team:
Has Chris' patch for "Stretch" gone to /dev/null ?
"Stretch"/stable remains exposed whilst old-stable, testing, and
unstable have been patched.
May I seek your enlightenment on this matter?
My kindest regards,
Bjoern.
