The tracker page [1] for CVE-2008-3699 says "Debian/stable not known to be vulnerable", yet in the next section it says that "etch 1.4.4-4 vulnerable". These two statements contradict one another, and lead one clueless as to whether the issue has been fixed or not in stable. The tracker should be updated with correct information.
[1] http://security-tracker.debian.net/tracker/CVE-2008-3699 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]