Update for WebAuth (CVE-2009-2945)
Hi folks,
The security tracker shows CVE-2009-2945 as unfixed, but this was fixed in
3.6.2-1 for unstable/testing (and is mentioned in the changelog). It
didn't warrant a DSA, so the fix for stable went through
stable-proposed-updates, but it's there as 3.6.0-1+lenny1 for the next
stable release. It was also fixed in 3.6.2-1~bpo50+1 for lenny-backports,
so only arm still has an issue there (presumably due to a missing build).
3.5.3 was never affected, so the etch versions of webauth don't have a
problem.
Thanks!
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: