reopen 559803 thanks On Mon, 07 Dec 2009 22:04:02 +0100 Andreas Tscharner wrote:
> Package: cvsnt > Severity: grave > Tags: security > Version: 2.5.04.3236-1 > > > > The following CVE (Common Vulnerabilities & Exposures) id was > > published for libtool. I have determined that this package embeds a > > vulnerable copy of the libtool source code. However, since this is a > > mass bug filing (due to so many packages embedding libtool), I have not > > had time to determine whether the vulnerable code is actually present > > in any of the binary packages. Please determine whether this is the > > case. If the package is not affected, please feel free to close the bug > > with a message containing the details of what you did to check. > > cvsnt only uses the embeded libtool if it is not installed on the > system. If it is installed, it uses the installed one. your package does not currently have a dependency on libltdl, so i don't see how this could be the case. please make sure you have done enough research before closing security issues. thank you. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
