Hi folks, The security tracker shows CVE-2009-2945 as unfixed, but this was fixed in 3.6.2-1 for unstable/testing (and is mentioned in the changelog). It didn't warrant a DSA, so the fix for stable went through stable-proposed-updates, but it's there as 3.6.0-1+lenny1 for the next stable release. It was also fixed in 3.6.2-1~bpo50+1 for lenny-backports, so only arm still has an issue there (presumably due to a missing build).
3.5.3 was never affected, so the etch versions of webauth don't have a problem. Thanks! -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
