The version of boost in hardy does not have a patch system and the
patches in the debian/patches directory are simply a record of what has
been applied. If you check the diff, you'll see that the CVE fixes will
be applied after doing an 'apt-get source' (and indeed are). It appears
that other patc
Subscribed ubuntu-security since some of the patches that aren't applied
are:
boost (1.34.1-4ubuntu3) hardy; urgency=low
* debian/patches/05_regex_fixes.patch: fix for
basic_regex_parser() in boost/regex/v4/basic_regex_parser.hpp to return
error on invalid repetition of next state
* R