> http://security-tracker.debian.net/tracker/CVE-2007-5116 > > is uninformative, but that is cve id that redhat and others are > referring to.
I've added some more information, including a link to the upstream patch (whose essence applies cleanly to the versions in sarge and etch). As a side effect of the problem described in <http://lists.debian.org/debian-devel-announce/2007/11/msg00001.html> building security updates involves even more manual work than usual. I can't say for sure when we will release the update, I'm afraid, but I hope it won't take much longer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
