Re: gtk+2.0 2.6.4-3.1 (DSA 911-1)-- patch for CVE-2005-2976 not included?

To: debian-security@lists.debian.org
Subject: Re: gtk+2.0 2.6.4-3.1 (DSA 911-1)-- patch for CVE-2005-2976 not included?
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 7 Dec 2005 10:01:19 +0100
Message-id: <[🔎] slrndpd96v.4oe.jmm@inutil.org>
References: <[🔎] 1133925204.31772.3.camel@localhost.localdomain>

James Strandboge wrote:
> In reviewing the changelog and source for gtk+2.0, CVE-2005-3186 and
> CVE-2005-2975 are explicitly mentioned (and have patches in
> debian/patches).  However, CVE-2005-2976 is not mentioned in the
> changelog and does not have a separate patch in debian/patches, though
> it is mentioned in the DSA.  Is this an oversight in the changelog or
> was the patch not included? 

Gtk+2.0 from Sarge is not affected by CVE-2005-2976, see #339431 for more
information. It's mentioned because it applies to Woody.

Cheers,
        Moritz

Reply to:

References:
- gtk+2.0 2.6.4-3.1 (DSA 911-1)-- patch for CVE-2005-2976 not included?
  - From: James Strandboge <jamie@strandboge.com>

Prev by Date: Re: Re: Clear screen question
Next by Date: Highly Recommended Cailis ph
Previous by thread: gtk+2.0 2.6.4-3.1 (DSA 911-1)-- patch for CVE-2005-2976 not included?
Next by thread: Re: Re: Clear screen question
Index(es):
- Date
- Thread