Hi Lucas,
Lucas Nussbaum schrieb:
First and more important: Why is this fix not in debian-security for
oldstable?
not sure. was it fixed in unstable only, or also in stable (at the
time)?
it was only fixed in unstable that time. The version currently available
via oldstable/etch is still vulnerable.
Secondly how to handle the missing changelog entry?
just manually version-close it with the version it was fixed:
Ok, I'll do this as soon as an DSA will be available for oldstable.
BR
Bjoern
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
