On Tue, Mar 02, 2010 at 11:14:50PM +0100, Stefano Zacchiroli wrote: > On Mon, Dec 07, 2009 at 12:05:22AM -0500, Michael Gilbert wrote: > > The following CVE (Common Vulnerabilities & Exposures) id was > > published for libtool. I have determined that this package embeds a > > vulnerable copy of the libtool source code. However, since this is a > > mass bug filing (due to so many packages embedding libtool), I have > > not had time to determine whether the vulnerable code is actually > > present in any of the binary packages. Please determine whether this > > is the case. If the binary packages are not affected, please feel free > > to close the bug with a message containing the details of what you did > > to check. > > I believe this bug report can be closed as false positive. I detail > below my verifications to that conclusion and I copy the security team > for insights.
Ack. In the embedded-code-copies file in the Security Tracker we've marked this as fixed since 6:6.2.3.1-1, so this bug can be closed. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org