found 560927 2.4.5-1 close 560927 2.6.0-6 fixed 560927 2.8.0-5 thanks Hello,
On sekmadienis 13 Gruodis 2009 05:51:00 Michael Gilbert wrote: > The following CVE (Common Vulnerabilities & Exposures) ids were > published for expat. I have determined that this package embeds a > vulnerable copy of xmlparse.c and xmltok_impl.c. However, since this is > a mass bug filing (due to so many packages embedding expat), I have > not had time to determine whether the vulnerable code is actually > present in any of the binary packages derived from this source package. > Please determine whether this is the case. If the binary packages are > not affected, please feel free to close the bug with a message > containing the details of what you did to check. cmake in lenny and sid link use libexpat1 package hence those versions are not affected. The version in etch uses embedded copy however I'm not going to prepare a o-s-p-u upload due to low severity of the bug and because support for etch ends soon. Anyway, if cmake just crashes on bogus source, it's not a big deal. -- Modestas Vainius <modes...@vainius.eu>
signature.asc
Description: This is a digitally signed message part.
