white at alioth.debian.org
2007-Sep-24 15:26 UTC
[Secure-testing-commits] r6683 - data/CVE
Author: white Date: 2007-09-24 15:26:36 +0000 (Mon, 24 Sep 2007) New Revision: 6683 Modified: data/CVE/list Log: Add NOTE for maintainer''s opinion Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-24 14:24:43 UTC (rev 6682) +++ data/CVE/list 2007-09-24 15:26:36 UTC (rev 6683) @@ -2859,7 +2859,7 @@ NOT-FOR-US: Apple Safari CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...) - gimp <unfixed> - TODO: Poke maintainer, might be a non-issue, as upstream is fairly well organized + NOTE: maintainer states that this is not an issue CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not ...) - linux-2.6 <unfixed> CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
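Review bot: In the CVE-2007-3741 entry, the added NOTE says the maintainer considers this not an issue, yet the unchanged status line directly above it still reads `- gimp <unfixed>`, so the entry now states two conflicting things. Either update the status line to match the maintainer's position, or word the NOTE so it explains why the package stays `<unfixed>` despite that position. The NOTE also gives no reference for the statement (a bug number or message) and does not say whether it covers all four plugins named in the description (psp, bmp, pcx, psd), so nobody reading the list can verify it. The removed TODO was the only pointer that follow-up was pending, and the NOTE should carry enough detail to replace it.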
Nico Golde
2007-Sep-24 21:03 UTC
[Secure-testing-team] [Secure-testing-commits] r6683 - data/CVE
Hi,

* white at alioth.debian.org <white at alioth.debian.org> [2007-09-24 21:50]:
> Author: white
> Date: 2007-09-24 15:26:36 +0000 (Mon, 24 Sep 2007)
> New Revision: 6683
>
> Modified:
>    data/CVE/list
> Log:
>    Add NOTE for maintainer's opinion
[...]
> CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...) > - gimp <unfixed> > - TODO: Poke maintainer, might be a non-issue, as upstream is fairly well organized > + NOTE: maintainer states that this is not an issue

Now I want to discuss this issue since I am slightly confused now. I once marked 2.2.16-1 as fixed since I downloaded the mandriva source package with the update, isolated the patch and looked at the source code. To be sure about this issue I talked to Ari about this issue to be sure I am right with this and got:

2007-09-17 18:58 <ari> i'm not aware of 2.2.17 still being vulnerable

Then this bug was marked as unfixed with the old TODO you see in the diff. I wrote Moritz a mail because of this but have no answer yet, I guess because of his holidays. And now I see this note. So what is really up with this?

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.