On Fri, Dec 07, 2007 at 05:35:06PM +0100, Nico Golde wrote:
> Hi,
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-12-07 17:20]:
> > Author: dom
> > Date: 2007-12-07 16:17:48 +0000 (Fri, 07 Dec 2007)
> > New Revision: 7545
> [...] 
> > -CVE-2007-5497
> > -   RESERVED
> > +CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs ...)
> > +   - e2fsprogs 1.37-2sarge1
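
Review bot: the added sarge line, "- e2fsprogs 1.37-2sarge1", has no release tag in front of the entry, so only the version string ties it to sarge. Suggest prefixing the entry with "[sarge]".
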
> 
> Please read the narrative_introduction before committing to 
> the svn, please. sarge entries need a sarge tag.

D'oh, apologies. Missed that point. I think a lot's changed since I
last committed.

> > +   - e2fsprogs 1.39+1.40-WIP-2006.11.14+dfsg-2
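
Review bot: the untagged line "- e2fsprogs 1.39+1.40-WIP-2006.11.14+dfsg-2" puts a version in the entry, and nothing in the hunk says which upload that version is meant to mark as carrying the fix. If the package is still vulnerable at that version, suggest "- e2fsprogs <unfixed>" until a fixed version can be named.
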
> 
> Where did you get this information from?
> From what I can see the fix by Novell (namely 
> e2fsprogs-VUL0_integer_overflow.patch from what I can see) 
> is not fixed in unstable.

Oh dear, that was supposed to indicate that the package was vulnerable,
but that's duplicating information from the DSA data in any case.

so, how about:

        [sarge] - e2fsprogs <unfixed>
        - e2fsprogs <unfixed>

As the two lines for this?

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits