Hi all! According to DSA-1858-1 [1], a number of imagemagick vulnerabilities only affect etch (CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097), while one affects etch and lenny (CVE-2009-1882). The latter (CVE-2009-1882) was fixed for lenny in version 7:6.3.7.9.dfsg2-1~lenny3. The tracker [2] seems to fail to correctly provide information about lenny, since it seems to think that all CVEs are fixed for lenny in version 7:6.3.7.9.dfsg2-1~lenny3 (while this is true for the last one only, as the other ones are already fixed in current lenny version, rather than in a security update). Moreover, the tracker seems to be still unaware of a 7:6.3.7.9.dfsg2-1~lenny3 security update for lenny (maybe because it has not yet been uploaded? see [3]). Please note that, on the other hand, etch, squeeze, and sid information seems to be OK in the tracker. Please fix these inconsistencies, if possible. [1] http://lists.debian.org/debian-security-announce/2009/msg00175.html [2] http://security-tracker.debian.net/tracker/DSA-1858-1 [3] http://packages.qa.debian.org/i/imagemagick.html -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgph9qrHxhWwQ.pgp
Description: PGP signature