[Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA

Michael S. Gilbert michael.s.gilbert at gmail.com
Fri Aug 14 21:10:33 UTC 2009


On Fri, 14 Aug 2009 22:46:49 +0200, Giuseppe Iuculano wrote:
> Michael S Gilbert wrote:
> > i don't mean to question the accuracy of this change, but just out of
> > curiosity, how did an issue with a cve assigned in august 2007 [0]
> > get fixed in may 2007?  i understand that that's a short (3 month)
> > difference and debian could have been aware ahead of cve assignment.
> 
> Because in DSA-1285-1 the security team uploaded a new upstream security
> release, 2.0.10-1, and that issue was fixed in 2.1.3 and 2.0.10 (legacy version).

ok, i can't find that claimed in the 2.0.10 etch package nor in any of
the upstream announcements, and there are no code references from mitre
to check against. perhaps i have missed something or you have verified
against the proof-of-concept?

mike


