No version before 1.0.9 is vulnerable - they do not use libtool and ltdl. That leaves: testing/squeeze 1.0.9-2 unstable/sid 1.0.9-3
which are vulnerable. No etch or lenny releases are vulnerable. redland 1.0.9 upstream was built with libtool 2.2.6 so patching source file redland-1.0.9/libltdl/ltdl.c with the one from the 2.2.6b release should fix it. Dave -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org