On 2017-02-11 at 13:21:05 +0000, Luke Kenneth Casson Leighton wrote:
https://www.theregister.co.uk/2017/01/24/systemd_flaw/
"Newer" versions of systemd deployed by Fedora or Ubuntu have been secured, but Debian systems are still running an older version and therefore need updating.
Debian backports (when possibile) security fixes to the packages they distribute; a quick check for the CVE listed in that article shows that most debian systems should be fine:
https://security-tracker.debian.org/tracker/CVE-2016-2118
note that security fixes are released through the "<release> (security)" repository and only merged in "<release>" when there is a point update of it (every few months for as long as the release is supported) and most systems do have the security repository enabled (that happens by default with the installer and is considered a good practice).
Wheezy is still listed as vulnerable, but that's because it's out of regular support (since april 2016, currently only under LTS_ support), and thus there won't be another point release to include the changes published via the (security) repo.
.. _LTS: https://wiki.debian.org/LTS