Hi, On Wed, Jan 18, 2017 at 05:23:43PM +0100, Salvatore Bonaccorso wrote: > the following vulnerability was published for php-gettext. > > CVE-2016-6175[0]: > Use of eval too unrestrictive
The packages using php-gettext in buster are: cacti: cacti kopano-webapp: kopano-webapp-common phpmyadmin: phpmyadmin tt-rss: tt-rss Only phpmyadmin is a key package. For phpmyadmin, php-gettext was replaced by motranslator (https://github.com/phpmyadmin/motranslator/) in 4.7. Buster currently has 4.6, but a newer version might be uploaded at some point (see https://bugs.debian.org/879741). Cheers, Ivo