Arne Wichmann wrote: > Hi, > > I see that CVE-2011-1071 (#615120) is done in testing - shouldn't it be > fixed in stable, too? Yes, Debian security is done by volunteers with limited time, so the best way to get things fixed is to volunteer to do the work yourself (especially in cases like this where no one is working on it). Best wishes, Mike