On Sat, 20 Oct 2007 12:22:05 +0200 Florian Weimer wrote:

> * Francesco Poli:
>
> > DSA 1389-1 [1] claims that zoph version 0.3.3-12sarge2 fixes
> > CVE-2007-3905 for sarge-security.
> > However, the CVE page [2] states that zoph in sarge-security is
> > still 0.3.3-12sarge1 and still vulnerable.
>
> This is technically correct because there is no -sarge2 in
> oldstable-security. The -sarge2 version was mistakenly uploaded to
> stable-security, that's why it's missing.

Ah, that is why!
Thanks for clarifying.

> This will be rectified soon.

Wonderful! :)

> > DSA 1390-1 [5] claims that t1lib version 5.0.2-3sarge1 and version
> > 5.1.0-2etch1 fix CVE-2007-4033 for sarge-security and etch-security,
> > respectively.
> > However, the CVE page [6] states that those very versions are
> > vulnerable.
>
> This was an editorial mistake, it should be fixed soon.

Perfect! :)

Thanks for your prompt reply and for keeping up the good job on
Debian security!

Bye.

--
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4