On Thu, Mar 04, 2010 at 11:00:30PM +0100, Christoph Biedl wrote:
> Moritz Muehlenhoff wrote...
>
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4652
> > for patches.
>
> According to that page this affects only versions 13 and 14, and only
> if TLS is enabled.
The CVE writeups are usually written without in-depth investigation,
their information on affected versions shouldn't be trusted without
checking the code. I didn't look into details, I just file bugs for a
bunch of new security issues.
> Currently there's 0.12.1 in Debian, and without TLS support. You
> might want to close that bug report.
I'll leave that to the maintainers/adopters.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
