* Francesco Poli: > DSA 1389-1 [1] claims that zoph version 0.3.3-12sarge2 fixes > CVE-2007-3905 for sarge-security. > However, the CVE page [2] states that zoph in sarge-security is still > 0.3.3-12sarge1 and still vulnerable.
This is technically correct because there is no -sarge2 in oldstable-security. The -sarge2 version was mistakenly uploaded to stable-security, that's why it's missing. This will be rectified soon. > DSA 1390-1 [5] claims that t1lib version 5.0.2-3sarge1 and version > 5.1.0-2etch1 fix CVE-2007-4033 for sarge-security and etch-security, > respectively. > However, the CVE page [6] states that those very versions are > vulnerable. This was an editorial mistake, it should be fixed soon. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
