Hi all, again! DSA-1798-1 [1] has just been issued. This DSA states that CVE-2009-1194 is fixed for squeeze and sid in pango1.0 version 1.24-1. However, assuming I read pango1.0 changelog [2] correctly, this version does not exist: current squeeze and sid version is 1.24.0-3. Since this non-existent fixed version is less than the current squeeze/sid version, the tracker infers that squeeze and sid are fixed. However the corresponding bug report is still open [3]. [1] http://lists.debian.org/debian-security-announce/2009/msg00109.html [2] http://packages.debian.org/changelogs/pool/main/p/pango1.0/current/changelog [3] http://bugs.debian.org/527474 What's wrong? Please clarify and/or fix the inconsistency. P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgp2O2fjtHkFS.pgp
Description: PGP signature