[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gtk+2.0 2.6.4-3.1 (DSA 911-1)-- patch for CVE-2005-2976 not included?

James Strandboge wrote:
> In reviewing the changelog and source for gtk+2.0, CVE-2005-3186 and
> CVE-2005-2975 are explicitly mentioned (and have patches in
> debian/patches).  However, CVE-2005-2976 is not mentioned in the
> changelog and does not have a separate patch in debian/patches, though
> it is mentioned in the DSA.  Is this an oversight in the changelog or
> was the patch not included? 

Gtk+2.0 from Sarge is not affected by CVE-2005-2976, see #339431 for more
information. It's mentioned because it applies to Woody.


Reply to: