Re: Amarok CVE-2009-0135 and CVE-2009-0136

To: debian-security@lists.debian.org
Subject: Re: Amarok CVE-2009-0135 and CVE-2009-0136
From: Nico Golde <debian-security+ml@ngolde.de>
Date: Mon, 19 Jan 2009 19:07:05 +0100
Message-id: <[🔎] 20090119180704.GH22628@ngolde.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20090119110137.GA30925@hack.fi>
References: <[🔎] 20090119110137.GA30925@hack.fi>

Hi,
* Henri Salo <fgeek@hack.fi> [2009-01-19 17:13]:
> There is two different CVE IDs given to amarok's vulnerabilities:
> 
> CVE-2009-0135 [1]
> CVE-2009-0136 [2]
> 
> I beleive this DSA [3] is for the first CVE. Is there a need to patch
> the second one and if yes - what is the status of that process?

Both fixed in 1.4.4-4etch1, the CVE ids were not known when 
this package was released.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgppD1X17_xqB.pgp
Description: PGP signature

Reply to:

References:
- Amarok CVE-2009-0135 and CVE-2009-0136
  - From: Henri Salo <fgeek@hack.fi>

Prev by Date: Amarok CVE-2009-0135 and CVE-2009-0136
Next by Date: Re: [SECURITY] [DSA 1708-1] New Git packages fix remote code execution
Previous by thread: Amarok CVE-2009-0135 and CVE-2009-0136
Next by thread: Re: [SECURITY] [DSA 1708-1] New Git packages fix remote code execution
Index(es):
- Date
- Thread