Hi all again! DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes CVE-2007-4650 for etch. The DSA page [2] seems to confirm this. However the CVE page [3] tells a different story: it states that version 2.1.2-2.0.etch.1 is vulnerable. Is this a security-tracker internal inconsistency? [1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00182.html [2] http://security-tracker.debian.net/tracker/DSA-1404-1 [3] http://security-tracker.debian.net/tracker/CVE-2007-4650 Please correct this inconsistency (as long as it really is an inconsistency!). Thank you very much for your efforts to make Debian more and more secure! P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpSpQ7oGPDsB.pgp
Description: PGP signature