[Debian-med-packaging] Bug#560945: closed by Mathieu Malaterre
michael.s.gilbert at gmail.com
Mon Dec 14 00:02:04 UTC 2009
On Sun, 13 Dec 2009 18:18:04 +0000 Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the vxl package:
> #560945: CVE-2009-3560 and CVE-2009-3720 denial-of-services
> It has been closed by Mathieu Malaterre.
i don't think that this was sufficiently addressed. i checked an ldd
of all of the vxl libraries and none are using the system expat. there
are two possibilties: one is that none of the libraries use expat, and
the other is is that they are still using the embedded copy. please
make sure you are passing --with-expat=system to your configure script.
More information about the Debian-med-packaging