This one time, at band camp, Micah Anderson said: > I noticed that you used the new BTS versioning to tag 316462 (which is > about CAN-2005-1923) as fixed in 0.86.1-1, however in the changelog > for that version I do not see CAN-2005-1923 mentioned: > > Closes: 315396 315410 > Changes: > clamav (0.86.1-1) unstable; urgency=low > . > * New upstream version > * New translations > - da (thanks Mohammed Adnene Trojette) (closes: #315396) > - fr (thanks Claus Hindsgaul <[EMAIL PROTECTED]>)(closes: #315410)
0.86.1 was uploaded before the CAN numbers were released, or indeed even made public. > I'm puzzled because I see this in this bug log: > > >Sorry, this bug _is_ fixed in sid. It is also fixed in volatile, and a > >patch is on it's way to the security team. That just leaves 316401. > > but again, I don't see the bug closed in any changelog, or the CAN > mentioned in any changelog (except in sarge, 0.84-2.sarge.1 mentions > it as fixed). Yes, we were trying to track the various versions of clam that are vulnerable in order to make sure they all got fixed. It wasn't clear to me (due to the way disclosures happened, and a not particularly helpful upstream changleog) that all known issues were actually corrected in 0.86.1. It turned out that those issues were. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
