devin-guest at alioth.debian.org
2008-Apr-05 04:55 UTC
[Secure-testing-commits] r8485 - data/CVE
Author: devin-guest Date: 2008-04-05 04:55:34 +0000 (Sat, 05 Apr 2008) New Revision: 8485 Modified: data/CVE/list Log: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 fixed in etch by 3.01-9.1+etch2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-05 04:53:24 UTC (rev 8484) +++ data/CVE/list 2008-04-05 04:55:34 UTC (rev 8485) @@ -7456,6 +7456,7 @@ - poppler 0.6.2-1 (medium; bug #450628) - kdegraphics 4:3.5.8-2 (medium; bug #450630) - xpdf 3.02-1.3 (medium; bug #450629) + [etch] - xpdf 3.01-9.1+etch2 - koffice 1:1.6.3-4 (medium; bug #450631) - libextractor 0.5.9-1 - cupsys 1.1.22-7 @@ -7474,6 +7475,7 @@ - kdegraphics 4:3.5.8-2 (medium; bug #450630) [etch] - kdegraphics <not-affected> (Vulnerable code not used) - xpdf 3.02-1.3 (medium; bug #450629) + [etch] - xpdf 3.01-9.1+etch2 - koffice 1:1.6.3-4 (medium; bug #450631) - libextractor 0.5.9-1 - cupsys 1.1.22-7 @@ -10253,6 +10255,7 @@ - kdegraphics 4:3.5.8-2 (medium; bug #450630) [etch] - kdegraphics <not-affected> (Vulnerable code not used) - xpdf 3.02-1.3 (medium; bug #450629) + [etch] - xpdf 3.01-9.1+etch2 - koffice 1:1.6.3-4 (medium; bug #450631) - libextractor 0.5.9-1 - cupsys 1.1.22-7
Hi Devin, On Saturday 5 April 2008 06:55, devin-guest at alioth.debian.org wrote:> CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 fixed in etch by 3.01-9.1+etch2These changes are not needed. Once a DSA is added to data/DSA/list, the next "automatic update" commit by joeyh will add that DSA number to the CVE entry (see r8481 for example). That is enough for the tracker to infer which corresponding etch versions fix the problem. Thijs -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20080405/d3f55c23/attachment.pgp