Control: fixed -1 1.10.1+dfsg-4+nmu1 On Tue, 2013-03-19 at 16:04 -0400, Benjamin Kaduk wrote: > On Tue, 19 Mar 2013, Adam D. Barratt wrote: > > > On Tue, 2013-03-19 at 15:47 -0400, Benjamin Kaduk wrote: > >> reopen 702633 > > > > Why? Do you believe that the 1.10.1+dfsg-4+nmu1 package does not contain > > a fix for this bug? > > The changelog entry for 1.10.1+dfsg-4+nmu1 mentions the wrong CVE number, > and as such the purpoted "fix" for this bug is incomplete, as the > documentation of the change is incorrect. Now, it may be that the package > maintainer or the security team may decide that a version bump is not > necessary to correct this error, but such a decision should be explicitly > made (IMHO).
This bug is about CVE-2012-1016. If the package contains a fix for CVE-2012-1016 then the bug is fixed, whether or not the changelog correctly indicates that. Yes, the changelog should be corrected, but that doesn't change the fact that the package includes the fix for the security issue discussed in this bug report. Regards, Adam (Not that it should matter, but with a Release Manager hat on; the maintainer / security team are of course free to disagree...) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
