Thijs Kinkhorst wrote:
> On Mon, 2005-12-19 at 08:49 +0100, Martin Schulze wrote:
> > You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable
> > to it? Or did you miss it? Or did you just didn't document this?
>
> This has been fixed but indeed isn't documented in the changelog. The
> fact is that CVE-2005-341{5,6,7} are all concentrated in one function,
> that function has been fixed. Should we add that CVE id aswell and
> rebuild or is that not necessary?
Since I've already moved the package into the security queue, we'll
only mention this cve name in the advisory. In the sid version, however,
please add the missing id to the changelog when you're doing the next
upload.
Regards,
Joey
--
A mathematician is a machine for converting coffee into theorems. Paul Erdös
