[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Secure-testing-commits] r7280 - data/DSA



On Sunday 11 November 2007 21:12, nion@alioth.debian.org wrote:
> Modified: data/DSA/list
> ===================================================================
> --- data/DSA/list	2007-11-11 18:50:43 UTC (rev 7279)
> +++ data/DSA/list	2007-11-11 20:12:51 UTC (rev 7280)
> @@ -1,3 +1,7 @@
> +[09 Nov 2007] DSA-1405-2 zope-cmfplone - arbitrary code
> +	{CVE-2007-5741}
> +	[etch] - zope-cmfplone 2.5.1-4etch2
> +	NOTE: the previous DSA introduced a regression
>  [09 Nov 2007] DSA-1406-1 horde3 - several vulnerabilities
>  	{CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474}
>  	[sarge] - horde3 3.0.4-4sarge6.

I thought about this but doubted that it was necessary. The thing is that the 
first DSA does actually close the bug, and strictly speaking the followup DSA 
update only corrects a grave but non security bug.

Not sure it really matters, in any case, and it doesn't hurt to add it, I 
guess.


Thijs

Attachment: pgpsPQ6FGIgcr.pgp
Description: PGP signature


Reply to: