Hi, On Sun, Jul 27, 2008 at 05:38:20PM +0200, Nico Golde wrote: > > > I can't see an old CVE id describing this problem, is a new CVE > > > id needed for this one? > > > > There is no CVE id for it. I'm not sure Debian needs a new CVE id > > because upstream said only Horde 3.2 and Turba 2.2 are affected > > (this versions are *not* in Debian). > > But they were in the archive and other vendors might still have them in > their archive. I also added 2.2.1-1 as the fixed version in > the security tracker and requested a CVE id.
No, these versions were never in the archive. But yes, other vendors could be affected. > P.S. Please mention such fixes as security fixes in the > changelog next time so we can get them easier on our > radars. Even if the version affected was not in Debian? Regards, -- Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
