On Mon, 19 Apr 2010 15:46:38 +0200, Alexander Reichle-Schmehl wrote:
> [ BCCing cairo maintainers, if they would like to comment ]
>
> Hi!
>
> I'm maintaining the cairo backports, and according to the security
> tracker [0], the current backport (from 1.8.8-2) should be affected by
> CVE-2009-2044. I checked the patches linked from [2], and it seems to
> me, the bug is already fixed in the backported version 1.8.8-2.
>
> The security tracker currently lists 1.8.10-3 as the package fixing that
> version, however that package revision doesn't mention anything like
> that in the changelog; it mostly introduced udebs at that point. (Or
> maybe that version was taken, as it was the first upload to unstable?)
>
> So could it be, that the security tracker is wrong?

yes, that's a possibility. i only checked back to 1.8.10-3 since that
was the squeeze version. i usually only check the officially supported
releases (stable, testing, and kind of unstable), so if you've found
the problem fixed in backports, we can update the tracker, but that
won't normally be checked (unless backports support becomes official).

mike
