Hi Brian, > 45.3.0esr-1~deb7u1 in wheezy is vulnerable. > 45.3.0esr-1~deb8u1 in jessie is vulnerable. > 45.3.0esr-1 in sid and stretch is not vulnerable. > > Which makes me wonder if Wheezy and Jessie versions have been fixed, but > not marked as such
Good spot. CVE-2016-2839 is marked as fixed in the changelog of 45.3.0esr-1~deb7u1. Mike, as author of that changelog entry, can you comment here? Regards, -- Chris Lamb chris-lamb.co.uk / @lolamby
