Author: hertzog Date: 2014-12-12 14:32:15 +0000 (Fri, 12 Dec 2014) New Revision: 30711
Modified: data/DLA/list Log: DLA-100-1 actually fixed CVE-2014-9116 and not CVE-2014-0467 CVE-2014-0467 had already been fixed by DSA 2874-1 with version 1.5.20-9+squeeze3. The Debian changelog entries (both in 1.5.21-6.2+deb7u3 and in 1.5.20-9+squeeze4) contain a bad CVE number that lead to this mixup. The entry has been fixed in git: http://anonscm.debian.org/cgit/pkg-mutt/mutt.git/commit/?h=wheezy-updates&id=5bd634e118fadacec9ee45d5a7959eb95efdc6a2 Modified: data/DLA/list =================================================================== --- data/DLA/list 2014-12-12 14:32:13 UTC (rev 30710) +++ data/DLA/list 2014-12-12 14:32:15 UTC (rev 30711) @@ -17,7 +17,7 @@ {CVE-2014-9029} [squeeze] - jasper 1.900.1-7+squeeze2 [05 Dec 2014] DLA-100-1 mutt - security update - {CVE-2014-0467} + {CVE-2014-9116} [squeeze] - mutt 1.5.20-9+squeeze4 [05 Dec 2014] DLA-99-1 flac - security update {CVE-2014-8962 CVE-2014-9028} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
