On 10/12/17 19:55, Thorsten Alteholz wrote: > Hi Kurt, > > I added you for CVE-2017-3737 to dla-needed.txt. > > If there is no need for an update, please tell the LTS team. I marked this as postponed (following jessie) as a buggy application is needed for a user to exploit this. Unless it is determined that we have such applications out there, this can wait for the next openssl update. Cheers, Emilio