[Secure-testing-team] Stable isn't vulnerable to CVE-2008-5101

Nico Golde debian-secure-testing+ml at ngolde.de
Thu Nov 20 15:41:59 UTC 2008


Hi,
* Nelson A. de Oliveira <naoliv at debian.org> [2008-11-20 14:29]:
> I was looking http://security-tracker.debian.net/tracker/CVE-2008-5101
> and it says that the stable version of optipng is vulnerable to
> CVE-2008-5101. This should be fixed since the only vulnerable versions
> are 0.6 and 0.6.1 (stable is 0.5.5).

This is due how the tracker works, the version is unfixed 
until it is marked as fixed by a version or explicitly 
marked as not-affected.

> I can forward upstream email where he says "The versions affected are
> 0.6 and 0.6.1; version 0.5.5 is fine." just in case you need.

Yes please do so, so we can check that.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081120/81342cc5/attachment.pgp 


More information about the Secure-testing-team mailing list