The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
Fixed in testing at time of DSA.
The fix for stable and oldstable switched from a black list
of dangerous env vars to a white list of known-to-be-safe env vars.
sid's 1.6.8p12 still has the black list (although with the strong
recommendation to use env_reset, which basically does the same),
but 1.7 will have a white list as well.