* Mark Wielaard: > On Mon, 2009-06-08 at 15:44 +0200, Florian Weimer wrote: >> Sorry, but this is way too late to be relevant to my question (which >> is about b11, not b14): The CVE-2008-5345 fix was not listed >> explicitly in the b14 round of fixes, otherwise I'd have an isolated >> patch I could examine. > > OK. Can you give some more information about what CVE-2008-5345 > precisely covers. I couldn't find any details.
This is precisely my problem. I want to make sure that we have the fix in Debian stable. If it was included in the b11 source drop, we should be fine. I thought Sun might be willing to share this piece of information, even if they don't want to disclose the precise nature of the bug.
