On Sat, 12 Dec 2009 21:06:30 -0500 John Belmonte wrote: > On closer investigation It turns out that Debian xmlsec1 is not > affected by CVE-2009-3736 since we don't enable dynamic crypto module > loading (--enable-crypto_dl).
my mistake. i realize now that the upstream release completely removed libtool, so there ultimately should be no depends. you were correct to close th issue in the first place. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
