[Secure-testing-team] [Secure-testing-commits] r6683 - data/CVE

Nico Golde nion at debian.org
Mon Sep 24 21:03:39 UTC 2007


Hi,
* white at alioth.debian.org <white at alioth.debian.org> [2007-09-24 21:50]:
> Author: white
> Date: 2007-09-24 15:26:36 +0000 (Mon, 24 Sep 2007)
> New Revision: 6683
> 
> Modified:
>    data/CVE/list
> Log:
> Add NOTE for maintainer's opinion
[...] 
>  CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
>  	- gimp <unfixed> 
> -	TODO: Poke maintainer, might be a non-issue, as upstream is fairly well organized
> +	NOTE: maintainer states that this is not an issue
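
Review bot: The added NOTE line cites no source for the maintainer's statement (no bug number, message link or date), and the `- gimp <unfixed>` line above it is left unchanged, so the entry now reads as both unfixed and not an issue. Suggest adding a pointer to where the maintainer said this, and either adjusting the package status to match or saying in the NOTE why it stays `<unfixed>`.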

Now I want to discuss this issue since I am slightly 
confused now. I once marked 2.2.16-1 as fixed since I 
downloaded the Mandriva source package with the update, 
isolated the patch and looked at the source code. To be sure 
about this issue I talked to Ari about this issue to be sure 
I am right with this and got:
2007-09-17 18:58 <ari> i'm not aware of 2.2.17 still being vulnerable

Then this bug was marked as unfixed with the old TODO you 
see in the diff. I wrote Moritz a mail because of this but 
have no answer yet, I guess because of his holidays.

And now I see this note. So what is really up with this?
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.