On 2015-01-28 12:27, Peter Viskup wrote:
before considering downtimes and patching activities on production serversread these: https://www.debian.org/security/2015/dsa-3142 http://seclists.org/oss-sec/2015/q1/283 especially the second link mention network-facing software which is not vulnerable due to proper sanitization out of glibc.
Indeed, however you will notice that the list on the second link does not contain exim, the default SMTP server software for debian. This was used for proof-of-concept code.
http://seclists.org/oss-sec/2015/q1/274 Cheers Iain