Re: [SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability

To: Andrew Vaughan <ajv-lists@netspace.net.au>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
From: Noah Meyerhans <noahm@debian.org>
Date: Tue, 15 May 2007 20:31:31 -0400
Message-id: <20070516003131.GK3802@morgul.net>
Mail-followup-to: Noah Meyerhans <noahm@debian.org>, Andrew Vaughan <ajv-lists@netspace.net.au>, debian-security@lists.debian.org
In-reply-to: <200705160903.13682.ajv-lists@netspace.net.au>
References: <E1Ho5PD-0001Sw-97@klecker.debian.org> <200705160903.13682.ajv-lists@netspace.net.au>

On Wed, May 16, 2007 at 09:03:12AM +1000, Andrew Vaughan wrote:
> > Package        : qt4-x11
> <snip>
> > For the stable distribution (etch), this problem has been fixed in
> > version 4.2.1-2etch1
> >
> Etch shipped with 4.2.1-2+b1 packages.  
> 
> $ dpkg --compare-versions "4.2.1-2+b1" ">>" "4.2.1-2etch1" && echo yes
> yes
> 
> Perhaps that should have been 4.2.1-2+etch1?

Nice catch.  I'm a little bit confused by
http://packages.debian.org/stable/libs/libqt4-core which lists source
versions 4.2.1-2, but http://ftp.debian.org/debian/pool/main/q/qt4-x11/
definitely does contain 4.2.1-2+b1, so it seems that the version in the
update is indeed incorrect.

<sigh>
noah

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: [SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
  - From: Andrew Vaughan <ajv-lists@netspace.net.au>

Prev by Date: Re: [SECURITY] [DSA 1291-1] New samba packages fix multiple vulnerabilities
Next by Date: Re: debian.org DNSs allow unrestricted zone transfers
Previous by thread: Re: [SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
Next by thread: Re: [SECURITY] [DSA 1293-1] New quagga packages fix denial of service
Index(es):
- Date
- Thread