Mailing the story:
Debian alert: Factual correction for DSA-336-1
NOTE: This advisory is being released as a factual correction to
DSA-336-1. In an administrative error, DSA-336-1 listed several CVE
names which did not, in fact, apply to Linux 2.2.20, and omitted one
vulnerability which was fixed in the updated packages. The packages
are (and were) correct, and remain unchanged. The package changelog
contains the correct information. This advisory provides updated
information only.