Comment 2 for bug 274837

The version of boost in hardy does not have a patch system and the patches in the debian/patches directory are simply a record of what has been applied. If you check the diff, you'll see that the CVE fixes will be applied after doing an 'apt-get source' (and indeed are). It appears that other patches in the directory may not have been applied in line however, and those will need to be checked further.

As this is not a security issue, I am reducing the importance, unmilestoning and unsubscribing the security team.