Re: Update for WebAuth (CVE-2009-2945)

To: Russ Allbery <rra@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Update for WebAuth (CVE-2009-2945)
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 13 Jan 2010 21:46:15 +0100
Message-id: <[🔎] 20100113204615.GA2650@galadriel.inutil.org>
In-reply-to: <[🔎] 877hrloi14.fsf@windlord.stanford.edu>
References: <[🔎] 877hrloi14.fsf@windlord.stanford.edu>

Hi,

> The security tracker shows CVE-2009-2945 as unfixed, but this was fixed in
> 3.6.2-1 for unstable/testing (and is mentioned in the changelog).  It
> didn't warrant a DSA, so the fix for stable went through
> stable-proposed-updates, but it's there as 3.6.0-1+lenny1 for the next
> stable release.  It was also fixed in 3.6.2-1~bpo50+1 for lenny-backports,
> so only arm still has an issue there (presumably due to a missing build).

I've added the 3.6.0-1+lenny1 update to the Tracker. Note that it
will still be marked as open until the spu update is actually installed
into the next point update.

Thanks,
        Moritz

Reply to:

References:
- Update for WebAuth (CVE-2009-2945)
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Update package on old CVE
Next by Date: Re: mantis: doubt about fixing bug
Previous by thread: Update for WebAuth (CVE-2009-2945)
Next by thread: No tracker page for DSA-1971-1
Index(es):
- Date
- Thread