Hi, * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-09-24 21:50]: > Author: white > Date: 2007-09-24 15:26:36 +0000 (Mon, 24 Sep 2007) > New Revision: 6683 > > Modified: > data/CVE/list > Log: > Add NOTE for maintainer's opinion [...] > CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins > in gimp ...) > - gimp <unfixed> > - TODO: Poke maintainer, might be a non-issue, as upstream is fairly well > organized > + NOTE: maintainer states that this is not an issue
Now I want to discuss this issue since I am slightly confused now. I once marked 2.2.16-1 as fixed since I downloaded the mandriva source package with the update, isolated the patch and looked at the source code. To be sure about this issue I talked to Ari about this issue to be sure I am right with this and got: 2007-09-17 18:58 <ari> i'm not aware of 2.2.17 still being vulnerable Then this bug was marked as unfixed with the old TODO you see in the diff. I wrote Moritz a mail because of this but have no answer yet, I guess because of his holidays. And now I see this note. So what is really up with this? Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpX0pEZkQ3PF.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team