On Thu, Nov 13, 2008 at 12:23:15PM -0500, Ari Pollak wrote:
> CVE-2008-2956 is the only remaining bug that hasn't been fixed upstream.
> It's not considered serious because of the reasons given earlier:
>
> The other issue (CVE-2008-2956) can only be exploited, when the client
> is connecting to a server that either does not check for malformed XML
> or send them. Therefore, it could (under certain circumstances) be used
> to perform a DoS.
Ari, could you check with upstream, whether this has been fixed by now?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
