Control: -1 found 7.07-1 Control: -1 fixed 8.09-1 On Sat, 2020-05-02 at 13:17 +0100, David Woodhouse wrote: > Which means since 7.07 in July 2016. > > On 2 May 2020 11:29:34 BST, Luca Boccassi <bl...@debian.org> wrote: > > Package: openconnect > > Version: 6.00-2 > > > > Tracking https://security-tracker.debian.org/tracker/CVE-2020-12105 > > Not sure what's the oldest version affected, asked on > > https://security-tracker.debian.org/tracker/CVE-2020-12105
Yep - we never built with libssl so we are ok in Debian/Ubuntu. I'll record the versions as the sources are vulnerable, just in the off- chance some downstream uses libssl for whatever reason. -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
