>> it appears that the recent libxfont1 issues (CVE-2007-5760,
>> CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429) never
>> affected sid (they were applicable only to sarge and etch [1]).
>
> They were applicable to sid too, but have nothing to do with libXfont,
> they are bugs in the X server. CVE-2008-0006 was fixed at the same
> time, and actually affected libXfont.

if that is the case, then shouldn't these libxfont1 issues be removed from the "Latently vulnerable packages in unstable" list [1]? looking at the individual CVEs (CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429), they all say that unstable is "not vulnerable".

[1] http://security-tracker.debian.net/tracker/data/latently-vulnerable
