Hi, On Mon, Mar 13, 2017 at 10:12:56PM +0100, Ola Lundqvist wrote: > Hi Dirk > > I had a quick look at this but I stumbled on the version of the package. > Why 3.1.1-1+deb3.3.3u1 ? > And not 3.1.1u1 or even better 3.1.1+deb8u1 ?
For the versioning: jessie currently has 3.1.1-1. By only applying the patches addressing the CVE, then the version should be 3.1.1-1+deb8u1. Cf. https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security-building HTH, Regards, Salvatore
