On 14.03.2016 23:10, Moritz Mühlenhoff wrote: >> CVE-2014-2383 should actually be already fixed in 0.6.1+dfsg-1. Is >> > that wrong? >> > >> > https://security-tracker.debian.org/tracker/CVE-2014-2383 >> > https://bugs.debian.org/745619 > Markus? Hi Moritz, as I said: Mail from Sun, 28 Feb 2016 19:51:01 +0100 > Thats seems to be correct, upstream mentioned it on 0.6.2 as well. > > I guess because CVE-2014-5013 is a follow-up for that. > > Will remove it from the changelog. I'd love to go forward mit the PU, if nobody has objections. Thats the part I was waiting on... I can update the diff if you like, difference only in the changelog and patch summary. Cheers Markus Frosch -- markus@lazyfrosch.de / lazyfrosch@debian.org http://www.lazyfrosch.de
Attachment:
signature.asc
Description: OpenPGP digital signature