fixed 499842 2.8.6-1 thanks Both issues affect 1.6.10-3etch1 in etch.
Of the three patches, this one https://bugzilla.redhat.com/attachment.cgi?id=312880 introduces a new config file /etc/hp/alerts.conf . I am not sure if this is good for a stable security update, but it may be ok if the feature is nearly never used. Maybe the maintainer could comment? The code in lenny (2.8.6) is quite different. AFAICS, hpssd does not open any listening socket anymore so CVE-2008-2941 is not an issue. And the alert email code seems to be commented out, therefore CVE-2008-2940 is also an non-issue. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
