reopen 463184
thanks
I've verified it in the source code:
The correct patch was used to address CVE-2006-4168, only the wrong
bug number was added to the DSA. Instead of #424775 this should've
read #430012.
ok. so, was the security issue described in bug #424775 actually ever
fixed?
did that upload of libexif actually address both CVE-2006-4168 and
CVE-2007-2645? if so, then the DSA should be updated to indicate that
this is the case. if not, then
http://idssi.enyo.de/tracker/status/release/unstable needs to be
updated to indicate that the CVE-2007-2645 vulnerability
Package: security.debian.org
Severity: grave
according to the bug report log [1], the 0.6.13-etch1 upload of
libexif12 fixed the security vulnerability described by CVE-2007-2645.
however, the associated DSA [2] says that the updload of 0.6.13-etch1
fixed the vulnerability described by
3 matches
Mail list logo
