It probably does affect oldstable and earlier, but given its 'minor' status in the security tracker, this might not be worth fixing. As noted earlier in the bug, it has been properly fixed in unstable.
This *probably* doesn't affect Debian stable (5.2.10-3) and later, as
they were built --without-libsoup (to avoid an unrelated crash,
#1017528), and the description and upstream fix suggest that the
vulnerable functionality requires libsoup. Is this enough evidence to
mark it as non-vulnerable in the security tracker, and if so, what is
the process for doing so?