Dear Florian Weimer git repository already contains a new version for unstable, currently waiting for feedback/upload by Rene Mayrhofer. For stable a patch exists and a new package version will be uploaded soon, oldstable needs more care as there exists a patch for it but it is currently untested. Concerning CVE-2011-2147: based on some code analysis and testing I'm sure the problem is not even present in oldstable - no starter.pid is ever written and the subsys entry gets created with -rw-r--r-- permissions so I would opt for closing this bug and the corresponding security tracker entry as unaffected.
Kind regards Harald Jenny -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
