On Fri, 14 Aug 2009 22:46:49 +0200, Giuseppe Iuculano wrote: > Michael S Gilbert ha scritto: > > i don't mean to question the accuracy of this change, but just out of > > curiousity, how did an issue with a cve assigned in august 2007 [0] > > get fixed in may 2007? i understand that that's a short (3 month) > > difference and debian could have been aware ahead of cve assignment. > > Because in DSA-1285-1 the security team uploaded a new upstream security > release, 2.0.10-1, and that issue was fixed in 2.1.3 and 2.0.10 (legacy > version).
ok, i can't find that claimed in the 2.0.10 etch package nor in any of the upstream announcements, and there are no code references from mitre to check against. perhaps i have missed something or you have verified against the proof-of-concept? mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
