Hi, 2009/10/29 Faidon Liambotis <parav...@debian.org>: > Raphael Geissert wrote: >> Yes, the versions in testing and unstable (at least those that were >> there before I reported it) were both affected. May I suggest you to >> reply to the email in the future whenever you don't think it affects a >> version? the versions in the descriptions are usually not exclusive >> and should be treated as 'at least' (not much we can do, as it is >> mitre who writes the descriptions). > Reply to which email?
The bug report ;) > > And FWIW, Asterisk security advisories mention version numbers > explicitelly and do not follow the "at least" rule. > > However, the version that we ship in unstable is a release candidate > (rc3) for 1.6.2 and hence is not mentioned at all in those advisories. > That was the source of the confusion. Ah, right, sorry, I though the description came from the CVE (but there's none assigned, to the best of my knowledge, yet). Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
