reopen 463184
thanks

> I've verified it in the source code:
> The correct patch was used to address CVE-2006-4168, only the wrong
> bug number was added to the DSA. Instead of #424775 this should've
> read #430012.

ok. so, was the security issue described in bug #424775 actually ever fixed? looking at all of the DSAs since the beginning of 2006, i only see the one upload of libexif (DSA-1310 -- which you now say fixed only CVE-2006-4168).

did that upload of libexif actually address both CVE-2006-4168 and CVE-2007-2645? if so, then the DSA should be updated to indicate that this is the case. if not, then http://idssi.enyo.de/tracker/status/release/unstable needs to be updated to indicate that the CVE-2007-2645 vulnerability still exists in the archive, and the fix (http://bugs.debian.org/424775) needs to be uploaded as soon as possible.

thanks.