On 09-May-19 09:33 AM, Markus Wollny wrote: I see LTS (jessie) is still marked as vulnerable, the DLA needed doc indicates a test package was ready on 12 May, are there issues around it's release?Hello, Is there an ETA on the fix for this bind9 vulnerability to be available for Debian Stretch yet? https://security-tracker.debian.org/tracker/CVE-2018-5743 says that the stable branch is still vulnerable (fixed in buster/sid only), even though the Debian bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927932 is already marked as closed. I admit I am not all too familiar with usual Debian security procedures in such cases, but as the bug is rated with a severity rating of grave and it's now two weeks since the public disclosure, I am starting to feel a little worried. Kind regards Markus --
Kind Regards, Shaun Bugler System Administrator Hetzner (Pty) Ltd SA Contact Centre: 0861 0861 08 International: +27 21 970 2000 Website: hetzner.co.za Disclaimer: hetzner.co.za/email-disclaimer |