before posting my question I had already checked the installed versions. Sorry for not pointing this out.

no, my version is not patched

sorry forgot to mention kernel information, the kernel doesn't get upgraded automatically with apt-get upgrade or apt-get dist-upgrade, you need to apt-get install linux-image-xxx , for me its linux-image-k7, so replace with whichever arch you are using. This installs installs the latest (ie updated/fixed) kernel and downloads from security.debian.org.

hope this helps

sno

I had the very same issue with 2 servers, whereas 2 other servers were upgraded without problems (using the same DNS server).

I have been told on the debian-user-french mailing list that one the 3 machines hosting security.d.o has had disk capacity problem. But I am not sure this explains the problem, as security.d.o has 3 IPs, and the DNS takes one at random, thus with the numerous tests I have made, I think I should have hit one of the updated servers...
With Firefox, all my tests were successful (testing the /pool directory and the Packages.bz2 file).

Several French users reported the same issue.

Cheers,
Julien

yes, now I was indeed able to update it.

I wonder why they publish the vulnerabilities if one cannot patch the systems straight ahead. Maybe the security repository is replicated across different servers in different countries and the replication has not worked properly this time.