There is two different CVE IDs given to amarok's vulnerabilities: CVE-2009-0135 [1] CVE-2009-0136 [2]
I beleive this DSA [3] is for the first CVE. Is there a need to patch the second one and if yes - what is the status of that process? 1: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0135 2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0136 3: http://lists.debian.org/debian-security-announce/2009/msg00013.html --- Henri Salo -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org