Re: DSA-361-2
On Mon, Aug 11, 2003 at 12:22:13PM +0200, Gian Piero Carrubba wrote:
> Il lun, 2003-08-11 alle 02:58, Matt Zimmerman ha scritto:
>
> > > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been
> > > released in december 2001
> >
> > 2.2.2-6woody2 is a later version than 2.2.2-6. 2.2.2-6 has the bugs,
> > 2.2.2-6woody2 has the fixes.
>
> 2.2.2-6 has been released on dec 13 2001, 2.2.2-7 on dec 14 2001
> (following the changelog), so 2.2.2-6woody2 should be dated between
> these 2 days, am i right?
No. It is a new version on the stable branch, which was created based on
older code at a later date.
> > I do not understand the problem.
>
> DSA-361-1 states that the vulnerabilities reported have been fixed in
> 2.2.2-13.woody.8 (and this is the version you can find in the
> repository)... DSA-361-2 is the same advisory, except that it states
> that the vulnerabilities have been fixed in 2.2.2-6woody2... and i think
> that's someway strange that 2 vulnerabilities from this year have been
> addressed almost 2 years ago (well, not impossible with debian :) )...
> but then, what's the purpose of 2.2.2-13.woody.8?
DSA-361-1 and DSA-361-2 address different packages.
--
- mdz
Reply to: