On Tue, May 21, 2013 at 10:16:25PM +0100, Steven Chamberlain wrote:
> On 21/05/13 22:09, Moritz Muehlenhoff wrote:
> > Thanks, I've updated the security tracker!
>
> Okay, thank you!
>
> I couldn't say for sure the exploit given the CVE is real, and there's
> very little interest in the package any more (orphaned, low popcon,
> removed); but I thought it is better to mark it as affecting until
> someone can actually show otherwise.
>
> I assume NOT-FOR-US was meant for things not packaged at all so was
> probably an oversight in this case.

Yes, that was certainly an oversight. Most people perform the check, whether
a package is present via "apt-cache search foo" on a sid system and if the
package has been culled from the archive such mistakes can happen.

Thanks for your diligence! If you plan to update further entries on the
tracker, just send patches. If you plan to work on it on an ongoing basis,
we can also provide you with write access.

Cheers,
Moritz

Archive: http://lists.debian.org/20130521212329.GA5317@pisco.westfalen.local