Re: CVE-2007-1515: imp4/etch not vulnerable

To: Gregory Colpart <reg@evolix.fr>
Cc: debian-security-tracker@lists.debian.org, pkg-horde-hackers@lists.alioth.debian.org
Subject: Re: CVE-2007-1515: imp4/etch not vulnerable
From: Nico Golde <nion@debian.org>
Date: Mon, 24 Sep 2007 12:04:01 +0200
Message-id: <[🔎] 20070924100401.GC30148@ngolde.de>
In-reply-to: <[🔎] 20070924074216.GC3213@test-scsi>
References: <[🔎] 20070924074216.GC3213@test-scsi>

Hi,
* Gregory Colpart <reg@evolix.fr> [2007-09-24 11:26]:
> I report that imp4/etch is *not* vulnerable for 
> CVE-2007-1515 (corrected in #415117). I add CVE-id to imp4's
> changelog in our GNU Arch repository but I mention it here
> because no upload is expected in next weeks.

Thanks, marked this in the tracker, I can confirm this.
Please include some information why it is not affected next 
time since it took me some time now to find out that you 
already patch the code in diff.gz while the code in the 
tarball is vulnerable.
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpQuVVqjznOz.pgp
Description: PGP signature

Reply to:

References:
- CVE-2007-1515: imp4/etch not vulnerable
  - From: Gregory Colpart <reg@evolix.fr>

Prev by Date: Re: CVE-2007-1515: imp4/etch not vulnerable
Next by Date: Re: CVE-2007-1515: imp4/etch not vulnerable
Previous by thread: Re: CVE-2007-1515: imp4/etch not vulnerable
Index(es):
- Date
- Thread