CVE-2013-0240 misreported as fixed in experimental

To: debian-security-tracker@lists.debian.org
Subject: CVE-2013-0240 misreported as fixed in experimental
From: Simon McVittie <smcv@debian.org>
Date: Wed, 06 Feb 2013 15:17:42 +0000
Message-id: <[🔎] 51127416.8010508@debian.org>

https://security-tracker.debian.org/tracker/CVE-2013-0240 says:

gnome-online-accounts wheezy       3.4.2-1 vulnerable
                      sid          3.4.2-2 fixed
                      experimental 3.6.1-1 fixed

but the bug is not fixed in experimental, and the BTS' version-tracking
knows that:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699825

(The version in experimental branched from unstable long before this bug
was fixed.)

I'm afraid I don't currently have time to do a backport to 3.6 myself,
but hopefully either upstream, or distributions like Ubuntu that ship
this package in their stable distribution, will.
<https://bugzilla.gnome.org/show_bug.cgi?id=693214> is the upstream bug.

Regards,
    S

Reply to:

Follow-Ups:
- Re: CVE-2013-0240 misreported as fixed in experimental
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: External check
Next by Date: External check
Previous by thread: [prsc.debian.net] PRSC Fix accepted
Next by thread: Re: CVE-2013-0240 misreported as fixed in experimental
Index(es):
- Date
- Thread