Re: libxfont1 issues should not show up in the latently vulnerable packages list
>> it appears that the recent libxfont1 issues (CVE-2007-5760,
>> CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429) never
>> affected sid (they were applicable only to sarge and etch [1]).
>
> They were applicable to sid too, but have nothing to do with libXfont,
> they are bugs in the X server. CVE-2008-0006 was fixed at the same
> time, and actually affected libXfont.

if that is the case, then shouldn't these libxfont1 issues be removed
from the "Latently vulnerable packages in unstable" list [1]?

looking at the individual CVEs (CVE-2007-5760, CVE-2007-5958,
CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429), they all say that
unstable is "not vulnerable".

[1] http://security-tracker.debian.net/tracker/data/latently-vulnerable