On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote: > Hi, > Personally I'm in favour of following the openssl point updates and I'd > like to add an additional data point to the discussion: > > CVE-2015-3196 was already fixed as a plain bugfix in an earlier point > release, but the security impact was only noticed later on, so following > the point updates would have fixed this bug five months ago.
So now CVE-2015-7575 (SLOTH) has been made public. This is yet an other example of an issue fixed a long time ago. It only affected wheezy because was fixed just after the version in wheezy. Kurt
