Hi David, On Tue, Nov 10, 2015 at 08:59:04AM +0100, Thijs Kinkhorst wrote: > Hi David, > > On Mon, November 9, 2015 23:25, David McDonald wrote: > > Hi Salvatore, > > > > Your e-mail below states: > > > > "For the stable distribution (jessie), this problem has been fixed in > > version 6.0-16+deb8u2" (Note bene the last digit) > > > > However, https://www.debian.org/security/2015/dsa-3386 states: > > > > "For the stable distribution (jessie), these problems have been fixed in > > version 6.0-16+deb8u1" > > The website is updated periodically so it can take a short while before it > reflects the update that was sent out in the email.
Just an additional note on the version numbers: the 6.0-16+deb8u1 was the version which fixed the security isses with CVE. 6.0-16+deb8u2 is an additional update which fixes a regression when extracting 0-byte files. So what the webpage reflects is the version where the security issues were fixed. Hope this helps! Regards, Salvatore
