CVE-2013-0240 misreported as fixed in experimental
https://security-tracker.debian.org/tracker/CVE-2013-0240 says:
gnome-online-accounts wheezy 3.4.2-1 vulnerable
sid 3.4.2-2 fixed
experimental 3.6.1-1 fixed
but the bug is not fixed in experimental, and the BTS' version-tracking
knows that:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699825
(The version in experimental branched from unstable long before this bug
was fixed.)
I'm afraid I don't currently have time to do a backport to 3.6 myself,
but hopefully either upstream, or distributions like Ubuntu that ship
this package in their stable distribution, will.
<https://bugzilla.gnome.org/show_bug.cgi?id=693214> is the upstream bug.
Regards,
S
Reply to: