Hi, * Steven M. Christey <co...@linus.mitre.org> [2009-07-01 13:43]: > On Mon, 22 Jun 2009, Nico Golde wrote: > > > I'm not sure if this should get a new CVE id but the versions in the CVE id > > description should be adjusted and the upstream patch revised. > > This looks like even though there was a source code modification, the > previous issue was not fixed at all. That is, any attack that would have > worked before the fix, will still work after the fix. > > However, Fedora FEDORA-2009-3383 at least claims a fix for CVE-2009-0840, > so a new CVE is probably in order to "signal" to admins that they have > another issue to handle. > > Use CVE-2009-2281 for the "new" issue. What versions are affected by > this?
Should be every currently available release, I'm currently working with upstream on a better fix. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgp578npxfHrT.pgp
Description: PGP signature
_______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
