Re: Wrong fixed version for cairo and CVE-2009-2044?
* Michael Gilbert <email@example.com> [2010-04-19 17:15:53 CEST]:
> On Mon, 19 Apr 2010 15:46:38 +0200, Alexander Reichle-Schmehl wrote:
> > So could it be, that the security tracker is wrong?
> yes, that's a possibility. i only checked back to 1.8.10-3 since that
> was the squeeze version. i usually only check the officially supported
> releases (stable, testing, and kind of unstable), so if you've found
> the problem fixed in backports, we can update the tracker, but that
> won't normally be checked (unless backports support becomes official).
This sounds reasonable - but actually the changelog isn't too cryptic
here and I don't see anything in either 1.8.10-3 nor even 1.8.10-2 that
would cause them to fix anything security related. I know that it can
only be a wish, but could you at least try to read the according
changelogs to see whether the version in squeeze could at least remotely
have something to do with that the issue has gone away, and try to get
more accurate information in the tracker with minimum effort.
backports is at least included in the tracker for some reason and I
mostly Stefan Fritsch and a bit of myself worked on having this
happening so it would be at least kind to the spirit of trying to work
for the effort, not against it.