(Please Cc: me, I'm not subscribed) Hello, I report that imp4/etch is *not* vulnerable for CVE-2007-1515 (corrected in #415117). I add CVE-id to imp4's changelog in our GNU Arch repository but I mention it here because no upload is expected in next weeks. Regards, -- Gregory Colpart <reg@evolix.fr> GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/