Ola Lundqvist <o...@inguza.com> writes: > I had the same issue a month ago. It solved itself after a few days > when new issues were found.
Now only two packages on the unassigned list: The following packages are used by our customers (by order of decreasing importance, more hours means more important): * openssl (100 %) NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply NOTE: because the wheezy version is completely missing the checks being NOTE: fixed! Those checks should probably be added by cherry-picking NOTE: additional upstream changes. NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low NOTE: priority issues and will fix them after the next release of OpenSSL. Remaining issues are: (no customers have expressed need for support yet) * chicken So, really only one: chicken - and as discussed previously it isn't clear that the wheezy version is vulnerable because of significant changes in the code base. -- Brian May <b...@debian.org>
