On Mon, 11 May 2009 12:28:50 am Francesco Poli wrote: > Hi all, again! > > DSA-1798-1 [1] has just been issued. > This DSA states that CVE-2009-1194 is fixed for squeeze and sid in > pango1.0 version 1.24-1. > However, assuming I read pango1.0 changelog [2] correctly, this version > does not exist: current squeeze and sid version is 1.24.0-3. > Since this non-existent fixed version is less than the current > squeeze/sid version, the tracker infers that squeeze and sid are fixed. > However the corresponding bug report is still open [3]. > > [1] http://lists.debian.org/debian-security-announce/2009/msg00109.html > [2] > http://packages.debian.org/changelogs/pool/main/p/pango1.0/current/changelo >g [3] http://bugs.debian.org/527474 > > What's wrong? > Please clarify and/or fix the inconsistency. Fixed, forgot the .0 in the upstream version. Bug closed as well, fix is in sid/squeeze. Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.