Martin Pitt wrote: > I did not find any trace in the changelog that > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0837 > http://www.securityfocus.com/archive/1/393705 > > is fixed. Version 1.3 might not even be vulnerable, but can you please > check? If it is indeed vulnerable, please upgrade the severity to > grave and coordinate with the security team.
Bug #301368, which covers CAN-2005-0837 as well as CAN-2005-0838 (but typoed the CAN numbers), is open... however, see the dismissal from upstream that this is a problem. -- see shy jo
signature.asc
Description: Digital signature
