On Do, 27 Dez 2007, Hilmar Preusse wrote: > > Bug was assigned CVE-2007-5935 > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935 > > > just noticed that Norbert put that # into the changelog: > > * fix segfault of dvips -z on amd64 (patch applied upstream), > thanks to Bastien Roucaries for finding and providing a patch > (Closes: #447081) > > It seems that entry is not yet mentioned in the official package, but > it is in the SVN.
??? how ??? that fix went into texlive-bin (2007.dfsg.1-1) which was released on 2007-11-1. There the bug number was already mentioned, see commit 3122, or the diff to the prev version of changelog: http://svn.debian.org/viewsvn/debian-tex/texlive-new/trunk/texlive-bin/debian/changelog?rev=3122&r1=3110&r2=3122 The only thing what I did *afterwards* was do add the CVE number. The Debian bug number was mentioned. Could it be that you take a look at the SECURITY package? The 2007-14.lenny1 or something? Right, that was release from the security team due to the prolonged libpoppler transition (finally done!). The fix was long there in sid but couldn't enter testing, so the made a quick fix including only this bug fix. No, I see nothing to do. The current svn code contains the CVE and the bug report number. The CVE was assigned AFTER the fixed packages were released, so I couldn't add them. Best wishes Norbert ------------------------------------------------------------------------------- Dr. Norbert Preining <[EMAIL PROTECTED]> Vienna University of Technology Debian Developer <[EMAIL PROTECTED]> Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 ------------------------------------------------------------------------------- There are of course many problems connected with life, of which some of the most popular are `Why are people born?' Why do they spend so much of the intervening time wearing digital watches?' --- The Book. --- Douglas Adams, The Hitchhikers Guide to the Galaxy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
