Updated openafs packages has been released for Debian 7 LTS
Package : openafs
Version : 1.6.1-3+deb7u7
CVE ID : CVE-2016-9772
It was discovered that there was an information leak vulnerability in
openafs, a distributed filesystem.
Due to incomplete initialization or clearing of reused memory, OpenAFS
directory objects are likely to contain 'dead' directory entry
information.
For Debian 7 "Wheezy", this issue has been fixed in openafs version
1.6.1-3+deb7u7.
We recommend that you upgrade your openafs packages.