Hi,

> Please mention the name CVE-2007-3215 in the changelog when fixing
> this bug. A security update for stable may be necessary.

The stable version of knowledgeroot does not use the vulnerable code in
question. Hence no stable update is necessary. knowledgeroot is not
present in oldstable.

However, unstable of course still needs to be fixed, because the code
itself is still insecure, and it's a priority to get these duplicated
copies of phpmailer out of the archive.

From your changelog:

> * Removed libphp-phpmailer, libphp-phplayersmenu, libphp-pclzip from
>   Depends because this package has a copy of them.

That is definitely the wrong way around. You should be replacing any
shipped copies with the packaged ones! The point is threefold:

* Security bugs like these can be fixed once instead of across many
  packages;
* There's less code/space in total on a user's system;
* Users will benefit from bugs fixed in the "master" package of that
  library.

thanks,
Thijs

