[Secure-testing-team] Stable isn't vulnerable to CVE-2008-5101
Nico Golde
debian-secure-testing+ml at ngolde.de
Thu Nov 20 15:41:59 UTC 2008
Hi,
* Nelson A. de Oliveira <naoliv at debian.org> [2008-11-20 14:29]:
> I was looking http://security-tracker.debian.net/tracker/CVE-2008-5101
> and it says that the stable version of optipng is vulnerable to
> CVE-2008-5101. This should be fixed since the only vulnerable versions
> are 0.6 and 0.6.1 (stable is 0.5.5).
This is due how the tracker works, the version is unfixed
until it is marked as fixed by a version or explicitly
marked as not-affected.
> I can forward upstream email where he says "The versions affected are
> 0.6 and 0.6.1; version 0.5.5 is fine." just in case you need.
Yes please do so, so we can check that.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081120/81342cc5/attachment.pgp
More information about the Secure-testing-team
mailing list