nion@alioth.debian.org wrote: > CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...) > - TODO: check > + - ezpublish <not-affected> (Debian's version is too old) Don't add <not-affected> entries w/o proper information why Debian is not affected. At least add a note explaining the circumstances. Just because the bug description doesn't mention it, is not a sufficient reason. Cheers, Moritz