notfound 2007.dfsg.2-4+lenny1 notfound 2009-3 stop On 13.12.09 Michael Gilbert (michael.s.gilb...@gmail.com) wrote:
> package: texlive-bin > severity: serious > tags: security > > Hi, > > The following CVE (Common Vulnerabilities & Exposures) ids were > published for expat. I have determined that this package embeds a > vulnerable copy of xmlparse.c and xmltok_impl.c. However, since this is > a mass bug filing (due to so many packages embedding expat), I have > not had time to determine whether the vulnerable code is actually > present in any of the binary packages derived from this source package. > Please determine whether this is the case. If the binary packages are > not affected, please feel free to close the bug with a message > containing the details of what you did to check. > I checked the build logs available at https://buildd.debian.org/ . I found no trace that these files are even compiled. I that sufficient to prove that we're not affected? Hilmar -- sigmentation fault -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org