Long enough in the tree. Probably also fixes #485232. Reproducible: Always
Just realized it has not yet been 30 days. May bad. Please wait a couple more days with this.
There is an open security bug for this and the most stable version in the tree is vulnerable. See bug 485232.
*** This bug has been marked as a duplicate of bug 485232 ***
(In reply to Gokturk Yuksek from comment #2) > There is an open security bug for this and the most stable version in the > tree is vulnerable. See bug 485232. Is or not is vulnerable? (reading from the security bug looks like this was ok finally... in that case, it doesn't matter what bug is used for stabilizing this, but, please, remember to set STABLEREQ in the bug keywords and also to use "depends on" and "blocks" bug fields if needed ;) Thanks
(In reply to Pacho Ramos from comment #4) > (In reply to Gokturk Yuksek from comment #2) > > There is an open security bug for this and the most stable version in the > > tree is vulnerable. See bug 485232. > > Is or not is vulnerable? (reading from the security bug looks like this was > ok finally... in that case, it doesn't matter what bug is used for > stabilizing this, but, please, remember to set STABLEREQ in the bug keywords > and also to use "depends on" and "blocks" bug fields if needed ;) > > Thanks Pacho, the security bug text is confusing. I also assumed it when I read the comment "Fixed in versions davfs2/1.4.7-3, davfs2/1.4.6-1.1+deb7u1". There is no 1.4.7 in the tree. According to the changelog[1], this is fixed in 1.5.0, not 1.4.7. There is a proposed patch for 1.4.7[2]. Nobody actually revbumped the packages to include these patches. As such, 1.5.2 is the only unaffected version in the tree which is why I wanted to push for it's stabilization. [1] https://savannah.nongnu.org/forum/forum.php?forum_id=7952 [2] https://savannah.nongnu.org/bugs/?40034
I meant there is no 1.4.7-3 in the tree.
on behalf of prompt by user Gokturk Yuksek
amd64 stable
x86 stable
ppc stable. Closing.