I believe I have another example of a more serious mistake:
grave bugs of bzip2 (1.0.5-0.1 - 1.0.5-1) done
#471670 - bzip2: CVE-2008-1372 buffer over-read via crafted archive file
(Fixed: 1.0.5-0.1)
I have the version that fixes the CVE issue, and yet apt-listbugs warns about
the bug, as if
Package: arb
Version: 0.0.20071207.1-4
Severity: normal
Tags: patch
The default ARB_NAME_SERVER in the arb configuration is /var/lib/arb/lib/nas/,
whereas the default one created by
the deb is /var/lib/arb/nas/. Since this resides in /etc, it's inaccessible for
local users to change.
--
The patch is missing the id for the E620 model. From the launchpad bug report:
I'd like to clarify something in my posts, in case it was confusing: the patch
doesn't work for the E620, because it only looks specifically for the id of
the E220 (1003), whereas the E620 has a different id (1001).
3 matches
Mail list logo