Bug#707776: Why is 4.10.5 marked as vulnerable, fix was in 4.10.4?

To: 707776@bugs.debian.org
Subject: Bug#707776: Why is 4.10.5 marked as vulnerable, fix was in 4.10.4?
From: Andrew Goodbody <ajg02@elfringham.co.uk>
Date: Sun, 25 Aug 2013 22:48:43 +0100
Message-id: <[🔎] 521A7BBB.9050202@elfringham.co.uk>
Reply-to: Andrew Goodbody <ajg02@elfringham.co.uk>, 707776@bugs.debian.org

The upstream fixes mentioned in [1] appear to have gone into 4.10.4.Looking at the Debian source [2] for the package in Sid, ie 4.10.5 showsthe fixes included.


So why does CVE-2013-2074 [3] show sid as vulnerable?


[1] https://bugs.kde.org/show_bug.cgi?id=319428
[2] http://sources.debian.net/src/kde4libs/4:4.10.5-1/kioslave/http/http.cpp
[3] https://security-tracker.debian.org/tracker/CVE-2013-2074

Reply to:

Prev by Date: Processed (with 5 errors): Bug can be closed
Next by Date: Processing of pkg-kde-tools_0.15.8_amd64.changes
Previous by thread: Processed (with 5 errors): Bug can be closed
Next by thread: Processing of pkg-kde-tools_0.15.8_amd64.changes
Index(es):
- Date
- Thread