Hi Michael, On Sunday 4 May 2008 01:59, Michael Gilbert wrote: > On 3/23/08, Michael Gilbert wrote: > > curious as to whether the issue was fixed, i looked through the > > 1.0.16-1 source code and compared it to the DSA-1505-1 patch for etch > > [2]. it looks to me like the patch is indeed applied. i suggest > > verifying with upstream that they agree that this has correctly been > > done. then the issue can be marked as fixed in sid. > > has anyone looked into this issue? i'm fairly certain that the > vulnerability was fixed way back in the upload of the 1.0.15-1 > alsa-driver source package. > > i think that CVE-2007-4571 can safely be removed from the latently > vulnerable list. I've checked it out and I agree that it's most likely to be fixed in 1.0.15-1 so I've marked it as such. Of course checking with upstream would be ideal as you suggest, so if you wish, please feel free to do so. thanks for letting us know, Thijs
Attachment:
pgp_8GdYsjpS0.pgp
Description: PGP signature