Package: smokeping Version: 2.3.6-3 Severity: important Tags: lenny,security
According to Michael S Gilbert in http://lists.debian.org/debian-devel/2009/10/msg00394.html the prototype.js version bundled with smokeping 2.3.6 (1.5.0_rc0) is vulnerable to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220 Etch (2.0.9-2) is not affected. Squeeze+sid (2.3.6-4) don't use the bundled prototype.js, so they are unaffected too. I'm going to close this at 2.3.6-4 and look at preparing a stable update. -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org