Comment 7 for bug 1581381

I read the date wrong for the package in Vivid. Vivid is still vulnerable.

9.20.1~dfsg.1-4.1+deb8u2 does exist in Debian stable-sec that could be synced to Vivid though.