Hi Simon, On Thu, Jun 12, 2014 at 08:15:24PM +0100, Simon McVittie wrote: > In case the mention of the CVE ID in debian/changelog is not enough for > someone to update the security tracker: CVE-2014-3477 is fixed in > dbus/1.6.8-1+deb7u2, which was just accepted into proposed-updates. > > It was also fixed in dbus/1.8.4-1 for testing/unstable. > > If this change is desired in squeeze-lts (it's only a local denial of > service and there was no DSA, so perhaps not), the upstream dbus-1.2 > branch on freedesktop.org has a commit with some trivial merge conflicts > (whitespace) resolved. I don't intend to upload to squeeze-lts myself.
Just to confirm the security-tracker information: unstable already marked as fixed. For wheezy it is on the next-point-update list, which will be merged when the next Wheezy point release is released. Thanks for notifying! Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
