On Sunday 11 November 2007 21:12, nion@alioth.debian.org wrote: > Modified: data/DSA/list > =================================================================== > --- data/DSA/list 2007-11-11 18:50:43 UTC (rev 7279) > +++ data/DSA/list 2007-11-11 20:12:51 UTC (rev 7280) > @@ -1,3 +1,7 @@ > +[09 Nov 2007] DSA-1405-2 zope-cmfplone - arbitrary code > + {CVE-2007-5741} > + [etch] - zope-cmfplone 2.5.1-4etch2 > + NOTE: the previous DSA introduced a regression > [09 Nov 2007] DSA-1406-1 horde3 - several vulnerabilities > {CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474} > [sarge] - horde3 3.0.4-4sarge6. I thought about this but doubted that it was necessary. The thing is that the first DSA does actually close the bug, and strictly speaking the followup DSA update only corrects a grave but non security bug. Not sure it really matters, in any case, and it doesn't hurt to add it, I guess. Thijs
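Review bot: The NOTE line of the added DSA-1405-2 entry says only "the previous DSA introduced a regression", without naming the advisory it refers to or saying what kind of regression it was. Because the entry carries {CVE-2007-5741} and a fixed version for [etch], someone reading the list alone cannot tell whether 2.5.1-4etch2 is a further security fix or a correction of a non-security bug, which is the distinction the reply draws. Suggest naming the earlier advisory in the NOTE and stating that the regression is not itself a security issue.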