Hi, * Gregory Colpart <reg@evolix.fr> [2007-09-24 11:26]: > I report that imp4/etch is *not* vulnerable for > CVE-2007-1515 (corrected in #415117). I add CVE-id to imp4's > changelog in our GNU Arch repository but I mention it here > because no upload is expected in next weeks. Thanks, marked this in the tracker, I can confirm this. Please include some information why it is not affected next time since it took me some time now to find out that you already patch the code in diff.gz while the code in the tarball is vulnerable. Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpQuVVqjznOz.pgp
Description: PGP signature