Update for WebAuth (CVE-2009-2945)

To: debian-security-tracker@lists.debian.org
Subject: Update for WebAuth (CVE-2009-2945)
From: Russ Allbery <rra@debian.org>
Date: Wed, 13 Jan 2010 12:40:23 -0800
Message-id: <[🔎] 877hrloi14.fsf@windlord.stanford.edu>

Hi folks,

The security tracker shows CVE-2009-2945 as unfixed, but this was fixed in
3.6.2-1 for unstable/testing (and is mentioned in the changelog).  It
didn't warrant a DSA, so the fix for stable went through
stable-proposed-updates, but it's there as 3.6.0-1+lenny1 for the next
stable release.  It was also fixed in 3.6.2-1~bpo50+1 for lenny-backports,
so only arm still has an issue there (presumably due to a missing build).

3.5.3 was never affected, so the etch versions of webauth don't have a
problem.

Thanks!

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Update for WebAuth (CVE-2009-2945)
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Update package on old CVE
Next by Date: Re: Update package on old CVE
Previous by thread: Re: Update package on old CVE
Next by thread: Re: Update for WebAuth (CVE-2009-2945)
Index(es):
- Date
- Thread