
Re: [SECURITY] [DSA 3386-2] unzip regression update



Hi David,

On Tue, Nov 10, 2015 at 08:59:04AM +0100, Thijs Kinkhorst wrote:
> Hi David,
> 
> On Mon, November 9, 2015 23:25, David McDonald wrote:
> > Hi Salvatore,
> >
> > Your e-mail below states:
> >
> > 	"For the stable distribution (jessie), this problem has been fixed in
> > version 6.0-16+deb8u2" (Nota bene the last digit)
> >
> > However, https://www.debian.org/security/2015/dsa-3386 states:
> >
> > 	"For the stable distribution (jessie), these problems have been fixed in
> > version 6.0-16+deb8u1"
> 
> The website is updated periodically so it can take a short while before it
> reflects the update that was sent out in the email.

Just an additional note on the version numbers: the 6.0-16+deb8u1 was
the version which fixed the security issues with CVE. 6.0-16+deb8u2 is
an additional update which fixes a regression when extracting 0-byte
files. So what the webpage reflects is the version where the security
issues were fixed.

Hope this helps!

Regards,
Salvatore

