Henrique de Moraes Holschuh wrote: > Found it. From: Martin Schulze <[EMAIL PROTECTED]>, Message-ID: > <[EMAIL PROTECTED]>, and Message-ID: > <[EMAIL PROTECTED]> at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=282681
"Please add this id to the proper changelog entry with the next upload." That's easily misinterpreted, although I won't try to guess which of us is doing so. One thing that this bug illustrates pretty well that is quite annoying when trying to determine what version of a package actually fixed a security hole, is new upstream releases that are listed in the changelog as fixing a particular CVE, when the hole was actually fixed in a previous debian revision of the old upstream version. That's a case where clarity is very useful in the changelog. (So is proper use of the new version tracking features of the BTS.) -- see shy jo
signature.asc
Description: Digital signature