[Secure-testing-commits] r11287 - data/CVE
gilbert-guest at alioth.debian.org
gilbert-guest at alioth.debian.org
Sun Mar 1 04:43:11 UTC 2009
Author: gilbert-guest
Date: 2009-03-01 04:43:10 +0000 (Sun, 01 Mar 2009)
New Revision: 11287
Modified:
data/CVE/list
Log:
marking etch as <not-affected> for CVE-2008-3699 to clean up presentation on tracker pages (see bug report for confirmation that issue is not present in etch)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-01 04:27:43 UTC (rev 11286)
+++ data/CVE/list 2009-03-01 04:43:10 UTC (rev 11287)
@@ -7927,6 +7927,7 @@
NOT-FOR-US: Oracle
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
- amarok 1.4.10-1 (unimportant; bug #494765)
+ [etch] - amarok <not-affected>
NOTE: The code in question doesn't dereference the symlink, tested with Etch
NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
More information about the Secure-testing-commits
mailing list