At Mon, 25 Aug 2008 10:06:12 -0300,
Felipe Figueiredo wrote:
> 
> I believe I have another example of a more serious mistake:
> 
> grave bugs of bzip2 (1.0.5-0.1 -> 1.0.5-1) <done>
>  #471670 - bzip2: CVE-2008-1372 buffer over-read via crafted archive file 
> (Fixed: 1.0.5-0.1)
> 
> I have the version that fixes the CVE issue, and yet apt-listbugs warns about 
> the bug, as if it's not also closed in the next version. This is not only 
> misleading or ambiguous, but in fact wrong information, unless apt-listbugs 
> has another information source than the version numbers.
> 
> I'm also checking the changelog and no mention of removing the patch or 
> regression, and the bug report does not mention explicitly that the bug is 
> found in 1.0.5-1.

Attach your debug logs please.

-- 
[EMAIL PROTECTED],debian.org}


