I believe I have another example of a more serious mistake:

grave bugs of bzip2 (1.0.5-0.1 -> 1.0.5-1) <done>
 #471670 - bzip2: CVE-2008-1372 buffer over-read via crafted archive file (Fixed: 1.0.5-0.1)

I have the version that fixes the CVE issue, and yet apt-listbugs warns about 
the bug, as if it's not also closed in the next version. This is not only 
misleading or ambiguous, but in fact wrong information, unless apt-listbugs 
has an information source other than the version numbers.

I'm also checking the changelog and there is no mention of removing the patch 
or of a regression, and the bug report does not explicitly mention that the 
bug is found in 1.0.5-1.

regards
FF


