Hi Tzafrir On Sat, Apr 06, 2013 at 03:25:20PM +0300, Tzafrir Cohen wrote: > Update: > > AST-2013-001 (CVE-2013-2685): > Not applicable to either Stable or Testing/Unstable: > new code not included yet even in 1.8. > > AST-2013-002 (CVE-2013-2686): > Applies to Testing/Unstable but not to Stable: > Testing/Unstable: see patch from Upstream. Stable: httpd code does not > read HTTP POST variables. > > AST-2013-003 (CVE-2013-2264): > Applies to both Testing and Unstable. > Testing/Unstable: see patch from Upstream. Stable: Patch backported. > > For Unstable/Testing I include two other simple bug fixes. Both trivial > backports from later 1.8.x reevisions.
Thanks a lot for your updated information. I have updated according to this and the closing version in unstable the security tracker. [Btw, I think there where two typos for the CVE's in the latest changelog for unstable, which might be worth fixing in a future upload to unstable (only to keep the references correct, should have been CVE-2013-2686 and CVE-2013-2264).] Thanks for your work! Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
