Comment 30 for bug 227464

Jamie Strandboge (jdstrand) wrote :

While the debdiff is much appreciated, there are several issues involved beyond pushing out this debdiff:

1) updates need to be backported and tested for all for released versions (not just hardy)
2) the patches in the debdiff are not in line with Debian or other distributions, so they need to be investigated for correctness
3) several other CVEs not addressed in this debdiff will be included in the upcoming security upload
4) as Kees said, the vulnerabilities addressed in this debdiff are either hard to exploit or low risk

Please be assured that fixes for these CVEs (and others) are actively being worked on.