Hi, On Tue, 10 Mar 2015, László Böszörményi (GCS) wrote: > On Tue, Mar 10, 2015 at 4:24 PM, Raphael Hertzog <hert...@debian.org> wrote: > > I'm wondering whether CVE-2015-1609 is affecting the squeeze version. The > > code base is vastly different between 1.4.4 and the current supported > > releases. > I think it's not affected, but I'm not a security expert and don't > have the exploit to test it against 1.4.x versions. I think neither > the Wheezy version (v2.0) is affected. BSON support is modularized in > it, but can't find the affected file nor the function in the source. > It would be much better if someone with more security knowledge > approve or refute me in this matter.
Do you know some upstream developers who could confirm/infirm this? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150323143903.ga29...@home.ouaza.com