[Secure-testing-team] Bug#484728: roundup: security hole: CVE-2008-1475
Thijs Kinkhorst
thijs at debian.org
Fri Jun 6 04:51:47 UTC 2008
Hi Alvaro,
On Friday 6 June 2008 00:27, Alvaro Herrera wrote:
> I see that there isn't a fix for Debian for this bug:
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1475
> http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=3
>1577&atid=402788
>
> Apparently, the Debian version is thus vulnerable.
Thank you for this report.
The version in Debian stable is not vulnerable because the code was introduced
in 1.4.0.
However, the version in testing/sid has the most recent changelog entry
predating the report of the security bug you mention and I see no other
evidence that it has indeed been fixed, so I've marked it as unfixed in our
tracker and it will hopefully be dealt with soon.
cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080606/0cd632e3/attachment.pgp
More information about the Secure-testing-team
mailing list