Re: Tracker inconsistencies for iceape?
On Wed, Nov 07, 2007 at 12:45:58AM +0100, Francesco Poli wrote:
> Hi all!
> DSA 1401-1  claims that iceape version 1.0.11~pre071022-0etch1 and
> version 1.1.5-1 fix the following vulnerabilities:
> CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337
> CVE-2007-5338 CVE-2007-5339 CVE-2007-5340.
> However, the DSA page  also lists CVE-2006-2894 as fixed in version
> Is this a spurious addition in the DSA tracker page or a missing item in
> the DSA message?
It was fixed in the DSA, but the CVE wasn't known at time of release.
> Moreover the individual CVE tracker pages  all claim that version
> 1.1.5-1 is still vulnerable.
> Is this an inconsistency?