Hello [Cc to the security team.] On 2004-12-15 Adam Conrad wrote: > Christian Hammers wrote: > > > > I cannot find a reference to CAN-2003-0987 for Debian Woody. > > It has been fixed in unstable/sarge in version 1.3.29.0.2-5. > > While it appears to be true that this hasn't been fixed in Woody, it's > also pretty low risk, since mod_digest doesn't even work with modern > browsers, and hence is rarely used. (mod_auth_digest, which does work > with modern browsers, doesn't have the security hole) Can you then add some kind of "+ wontfix woody" to the bug report? It's just for people who see a Redhat/Mandrake/etc bug report and then try to compare the CAN numbers with the Debian changelog. To the security team: It's ok if some bugs are not worth fixing them, I leave the decission to you and the maintainer but what is the right way to check this? Maybe the nonvulns-woody could be enhanced by this CAN numbers, too? BTW: The search engine on www.debian.org does not even find the CAN numbers for the latest security reports :) I file a bug for this separately. bye, -christian-
Attachment:
pgpisMx3XQRSB.pgp
Description: PGP signature