On Mon, Aug 11, 2003 at 12:22:13PM +0200, Gian Piero Carrubba wrote: > Il lun, 2003-08-11 alle 02:58, Matt Zimmerman ha scritto: > > > > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been > > > released in december 2001 > > > > 2.2.2-6woody2 is a later version than 2.2.2-6. 2.2.2-6 has the bugs, > > 2.2.2-6woody2 has the fixes. > > 2.2.2-6 has been released on dec 13 2001, 2.2.2-7 on dec 14 2001 > (following the changelog), so 2.2.2-6woody2 should be dated between > these 2 days, am i right?
No. It is a new version on the stable branch, which was created based on older code at a later date. > > I do not understand the problem. > > DSA-361-1 states that the vulnerabilities reported have been fixed in > 2.2.2-13.woody.8 (and this is the version you can find in the > repository)... DSA-361-2 is the same advisory, except that it states > that the vulnerabilities have been fixed in 2.2.2-6woody2... and i think > that's someway strange that 2 vulnerabilities from this year have been > addressed almost 2 years ago (well, not impossible with debian :) )... > but then, what's the purpose of 2.2.2-13.woody.8? DSA-361-1 and DSA-361-2 address different packages. -- - mdz
