Bug#559831: closed by (John V. Belmonte) (Bug#559831: fixed in xmlsec1 1.2.14-1)
On Sat, 12 Dec 2009 21:06:30 -0500 John Belmonte wrote: > On closer investigation It turns out that Debian xmlsec1 is not > affected by CVE-2009-3736 since we don't enable dynamic crypto module > loading (--enable-crypto_dl). my mistake. i realize now that the upstream release completely removed libtool, so there ultimately should be no depends. you were correct to close th issue in the first place. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#559831: closed by (John V. Belmonte) (Bug#559831: fixed in xmlsec1 1.2.14-1)
close 559831 stop On Sat, Dec 12, 2009 at 6:52 PM, Michael Gilbert wrote: > i don't think that this has been resolved since there are no depends on > libtool in your control file. On closer investigation It turns out that Debian xmlsec1 is not affected by CVE-2009-3736 since we don't enable dynamic crypto module loading (--enable-crypto_dl). Thanks for your attention. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#559831: closed by (John V. Belmonte) (Bug#559831: fixed in xmlsec1 1.2.14-1)
reopen 559831 thanks On Wed, 09 Dec 2009 04:21:04 + Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the xmlsec1 package: > > #559831: CVE-2009-3736 local privilege escalation i don't think that this has been resolved since there are no depends on libtool in your control file. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org