Re: CVE-2016-2839 / Firefox-ESR

To: Brian May <brian@linuxpenguins.xyz>, debian-lts@lists.debian.org, team@security.debian.org
Cc: glandium@debian.org
Subject: Re: CVE-2016-2839 / Firefox-ESR
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Wed, 17 Aug 2016 09:00:30 +0100
Message-id: <[🔎] 1471420830.1306019.697713113.5E4B983E@webmail.messagingengine.com>
In-reply-to: <[🔎] 87fuq36f4g.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 87fuq36f4g.fsf@prune.linuxpenguins.xyz>

Hi Brian,

> 45.3.0esr-1~deb7u1 in wheezy is vulnerable.
> 45.3.0esr-1~deb8u1 in jessie is vulnerable.
> 45.3.0esr-1 in sid and stretch is not vulnerable.
> 
> Which makes me wonder if Wheezy and Jessie versions have been fixed, but
> not marked as such

Good spot.

CVE-2016-2839 is marked as fixed in the changelog of 45.3.0esr-1~deb7u1.
Mike, as author of that changelog entry, can you comment here?


Regards,

-- 
Chris Lamb
chris-lamb.co.uk / @lolamby

Reply to:

Follow-Ups:
- Re: CVE-2016-2839 / Firefox-ESR
  - From: Mike Hommey <mh@glandium.org>

References:
- CVE-2016-2839 / Firefox-ESR
  - From: Brian May <brian@linuxpenguins.xyz>

Prev by Date: Re: matrixssl
Next by Date: Re: CVE-2016-2839 / Firefox-ESR
Previous by thread: CVE-2016-2839 / Firefox-ESR
Next by thread: Re: CVE-2016-2839 / Firefox-ESR
Index(es):
- Date
- Thread