On Sun, Jul 02, 2017 at 12:44:20AM +0200, deloptes wrote: > > I don't think it is that new as I have not done any upgrades recently and I > have > dpkg -l | grep systemd > ii libpam-systemd:amd64 215-17+deb8u7 > > amd64 system and service manager - PAM module > ii libsystemd0:amd64 215-17+deb8u7 > > amd64 systemd utility library > > and in the CVE-2017-9445 it says it is fixed in jessie in the above > mentioned versions ... so it must be at least few weeks old as I recently > updated back then. >
>From my reading of the issue it isn't that it is fixed in Jessie, it is that it was never an issue in the first place in Jessie -- Jessie's version of systemd never had the vulnerable code (presumably because the vulnerable code is newer than that) Mark