Comment 10 for bug 22882

Version: 0.43-1

On Fri, Nov 25, 2005 at 10:55:48AM +0100, Guido Trotter wrote:

> You wrote two times in the changelog that this issue is resolved:

> Changes:
> inkscape (0.43-1) unstable; urgency=high

> * urgency=high since this version fixes the buffer overflow discovered by
> Joxean Koret (see CVE-2005-3737, debian bug 330894).

> Changes:
> inkscape (0.42.2+0.43pre1-1) unstable; urgency=low

> * Just for the record: inkscape version 0.42 and newer is not vulnerable to
> the security bug mentioned in Bug #321501.

> So I'm wondering: why can't this bug be closed, with the appropriate version tag?
> This would also help migrating inkscape into testing, which it cannot do till this bug remains open...

These are not the same bug; 321501 is a tempfile bug, and 330894 is a buffer
overflow. But you're right, based on the available information this bug
should be marked as closed in unstable.

Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden>