Hi,

On Tue, 10 Mar 2015, László Böszörményi (GCS) wrote:
> On Tue, Mar 10, 2015 at 4:24 PM, Raphael Hertzog <hert...@debian.org> wrote:
> > I'm wondering whether CVE-2015-1609 is affecting the squeeze version. The
> > code base is vastly different between 1.4.4 and the current supported
> > releases.
>  I think it's not affected, but I'm not a security expert and don't
> have the exploit to test it against 1.4.x versions. I think neither
> the Wheezy version (v2.0) is affected. BSON support is modularized in
> it, but can't find the affected file nor the function in the source.
> It would be much better if someone with more security knowledge
> approve or refute me in this matter.

Do you know some upstream developers who could confirm/infirm this?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


-- 
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150323143903.ga29...@home.ouaza.com

Reply via email to