On Wednesday 28 January 2015 14:31:23 Jochen Spieker wrote: > Lisi Reisz: > > On Wednesday 28 January 2015 13:25:20 i...@thargoid.co.uk wrote: > >>> https://www.debian.org/security/2015/dsa-3142 > >>> http://seclists.org/oss-sec/2015/q1/283 > >>> > >>> especially the second link mention network-facing software which is not > >>> vulnerable due to proper sanitization out of glibc. > >> > >> Indeed, however you will notice that the list on the second link does > >> not contain exim, the default SMTP server software for debian. This was > >> used for proof-of-concept code. > >> > >> http://seclists.org/oss-sec/2015/q1/274 > > > > So Wheezy users who use Exim are at risk? > > Yes. > > > But it surely then follows that Wheezy users who do not use Exim, or > > even have it installed, are not at risk? > > No. The bug is in the most basic C library. I would assume that all > systems with a vulnerable libc are at risk and update as soon as > possible.
Thanks, yes. At first reading I thought it said that there was no update available for Squeeze and Wheezy, only for Jessie and Sid. I posted again when I realised my mistake. Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501281546.51084.lisi.re...@gmail.com
