Hello Michael, On 16-10-03 12:11:48, Michael Biebl wrote: > > https://security-tracker.debian.org/tracker/CVE-2016-7796 says all > > but the version in sid are vulnerable to CVE-2016-7796 and reading > > No, sid is not vulnerable. It has been fixed in 231-9
I wrote 'all but the version in sid', English not being my mother tongue this seemed to me the correct way to express exactly that, i.e. 'sid is not vulnerable', but maybe I'm wrong. > > https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 > > > > this sounds still rather serious, so a security upload would be > > appreciated. > > > > This bugs is *not* about CVE-2016-7796 and as I wrote, stable is not > affected by the crash. You didn't write about which CVE the bug is (or maybe I missed that), just that the 'news about systemd crashing when getting a zero sized message on the notification socket made the rounds recently'. > Are you a member of the security team? No, I never said I am, but it seems you noticed your error or were pointed to it. And thanks to Florian and Salvatore for reading the same information that I did and taking this seriously in a polite manner. Cheers Wolfgang
signature.asc
Description: Digital signature
