Hello Moritz et al., > mantis > CVE-2005-3337 CVE-2006-0664 CVE-2006-0665 > CVE-2006-0840 CVE-2006-0841 CVE-2006-1577
I've supplied updated packages for sid and sarge, addressing all relevant issues. A short breakdown: CVE-2006-1577 - Fixed with upstream patch in sarge and sid; CVE-2006-0840 - This was already addressed in sarge and sid; CVE-2006-0841 - Fixed with selected patches from upstream, some parts were already present. CVE-2006-0664 - Fixed in sarge, sid was already fixed. CVE-2006-0665 - Fixed in sarge, sid was already fixed. CVE-2005-3337 - This is a mistery; the description is vague and the upstream CVS repository doesn't seem to provide a distinct fix. I believe this might actually be a duplicate of another already fixed issue, CVE-2005-2557. We really need more positive proof that there's actually something vulnerable here if you ask me. By the way, the package in sid is not in a very good shape and the maintainer seems to be MIA... Thijs
signature.asc
Description: This is a digitally signed message part
