On Sat, Dec 12, 2009 at 10:45:52PM -0500, Michael Gilbert wrote: > The following CVE (Common Vulnerabilities & Exposures) ids were > published for expat. I have determined that this package embeds a > vulnerable copy of xmlparse.c and xmltok_impl.c. However, since this is > a mass bug filing (due to so many packages embedding expat), I have > not had time to determine whether the vulnerable code is actually > present in any of the binary packages derived from this source package. > Please determine whether this is the case. If the binary packages are > not affected, please feel free to close the bug with a message > containing the details of what you did to check. [...]
Raphael, this bug has not received any reply from you since Dec 12, 2009. Could you please look into this? As it is currently tagged it is a release-critical bug. Kind regards, Philipp Kern
signature.asc
Description: Digital signature