> * Just for the record: inkscape version 0.42 and newer is not vulnerable to
> the security bug mentioned in Bug #321501.
> So I'm wondering: why can't this bug be closed, with the appropriate version tag?
> This would also help migrating inkscape into testing, which it cannot do till this bug remains open...
These are not the same bug; 321501 is a tempfile bug, and 330894 is a buffer
overflow. But you're right, based on the available information this bug
should be marked as closed in unstable.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/
Version: 0.43-1
On Fri, Nov 25, 2005 at 10:55:48AM +0100, Guido Trotter wrote:
> You wrote two times in the changelog that this issue is resolved:
> Changes:
> inkscape (0.43-1) unstable; urgency=high
> * urgency=high since this version fixes the buffer overflow discovered by
> Joxean Koret (see CVE-2005-3737, debian bug 330894).
> Changes:
> inkscape (0.42.2+0.43pre1-1) unstable; urgency=low
> * Just for the record: inkscape version 0.42 and newer is not vulnerable to
> the security bug mentioned in Bug #321501.
> So I'm wondering: why can't this bug be closed, with the appropriate version tag?
> This would also help migrating inkscape into testing, which it cannot do till this bug remains open...
These are not the same bug; 321501 is a tempfile bug, and 330894 is a buffer
overflow. But you're right, based on the available information this bug
should be marked as closed in unstable.
Cheers, www.debian. org/
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://