Here's another example. The current stable curl build for wheezy LTS is 7.26.0-1+wheezy15, but the 1.9 package is 7.26.0-1+wheezy13. The issues relate to client certs, so probably not a huge issue.

Another one is php. They went off the reservation and installed php7. However, they're on php7.0.9 when the current stable is 7.0.11... According to this URL:

http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-201906/PHP-PHP-7.0.9.html

There are 11 vulnerabilities in this version. All of them are from remote. Most of them are DoS holes.