Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856  instead.
It looks like CVE-2010-3847  is still unfixed. The original fix in
-7 may have been correct to begin with?