2016-12-29 12:29:53 sangy Hello, I've been trying to figure out if CVE-2016-9447 is fixed in 1.10.2 but I can't find mention of it in the release notes, or in the bugtracker or in the git commit log. I don't even see an open ticket for it. Is there anything I'm missing?
2016-12-29 13:13:56 __tim sangy, I believe that one only affects 0.10 and none of the 1.x
2016-12-29 14:15:21 __tim sangy, put differently, 0.10 is no longer maintained and hasn't been maintained for years, there will not be any more official releases with a fix, distros/users can remove the .so file
2016-12-29 14:45:39 sangy __tim: ok, but this 0.10 .so is not shipped with 1.10.2 right? (sorry for the dumb question)
2016-12-29 14:53:58 ensonic sangy, the 0.10 file is shipped with something having 0.10.36 in the version, definitely not 1.10.2
2016-12-29 15:11:19 __tim sangy, no it's not
2016-12-29 15:16:03 slomo__ sangy: CVE-2016-9447 only affects 0.10. who says that it's fixed in 1.10.2?
2016-12-29 15:16:19 slomo__ sangy: the fix is basically... that the whole plugin was removed because there's a better alternative anyway