The tracker page [1] for CVE-2008-3699 says "Debian/stable not known to be vulnerable", yet in the next section it says that "etch 1.4.4-4 vulnerable". These two statements contradict one another, and lead one clueless as to whether the issue has been fixed or not in stable. The tracker should be updated with correct information. [1] http://security-tracker.debian.net/tracker/CVE-2008-3699