Hi, looking at https://security-tracker.debian.org/tracker/source-package/dwarfutils it seems we don't running dwarfutils on untrusted code in wheezy. I wonder if we should state things as such. If so I could safely mark CVE-2016-9480 as no-dsa as well. Cheers, -- Guido