> did that upload of libexif actually address both CVE-2006-4168 and > CVE-2007-2645? if so, then the DSA should be updated to indicate that > this is the case. if not, then > http://idssi.enyo.de/tracker/status/release/unstable needs to be > updated to indicate that the CVE-2007-2645 vulnerability still exists > in the archive, and the fix (http://bugs.debian.org/424775) needs to > be uploaded as soon as possible.
oops, i was looking at the unstable page. CVE-2007-2645 is indeed listed on the stable page (http://idssi.enyo.de/tracker/status/release/stable). btw, any chance of the fix getting uploaded to etch any time soon? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
