Michael S Gilbert ha scritto: > i don't mean to question the accuracy of this change, but just out of > curiousity, how did an issue with a cve assigned in august 2007 [0] > get fixed in may 2007? i understand that that's a short (3 month) > difference and debian could have been aware ahead of cve assignment.
Because in DSA-1285-1 the security team uploaded a new upstream security release, 2.0.10-1, and that issue was fixed in 2.1.3 and 2.0.10 (legacy version). Cheers, Giuseppe
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
