Comment 14 for bug 13779

Message-ID: <email address hidden>
Date: Sat, 12 Mar 2005 17:53:36 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: #298939 should not have been marked fixed by lesstif1-1 NMU

--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tag 298183 fixed
merge 298183 299236
thanks

Branden Robinson wrote:
> clone 298939 -1
> retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CA=
N-2005-0605
> reassign -1 lesstif1-1
> # I don't actually know if it's fixed upstream yet in LessTif, but I'm
> # guessing it's not.
> tag -1 - fixed-upstream
> # libxpm4 is not fixed until the security buildds' packages are uploaded.
> tag 298939 - fixed
> thanks
>=20
> Hi Joey,
>=20
> Did you mean to only reference #298939 in your NMU of lesstif1-1? You sa=
id
> "Closes:", which marked as fixed the bug I filed against libxpm4, which is
> not part of lesstif1-1 and is not yet fixed.
>=20
> I am assuming your closing of #298939 is in error (since it's not
> accurate), and cloning a copy of it for CAN-2005-0605's affect of
> lesstif1-1.

Sorry, I meant to refer to bug #298183 which was already open on
lesstif1 for the same vulnerability.

--=20
see shy jo

--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCM3Lvd8HHehbQuO8RAjI5AKDltf47z7A83wCP8iofuSzDXbY8agCfRa7j
Y7oGURkfv29QQqcBaNWBprI=
=GuJw
-----END PGP SIGNATURE-----

--d6Gm4EdcadzBjdND--