
Re: DSA-1615-1 vs. tracker



On Sat, 26 Jul 2008 19:34:27 +0200 Thijs Kinkhorst wrote:

> On Friday 25 July 2008 01:07, Francesco Poli wrote:
> > > > I think I've noticed another DSA with tracker inconsistencies.
> > > > DSA-1615-1 [1] claims that several CVEs are fixed in
> > > > xulrunner/1.9.0.1-1 for sid.  On the other hand, most of these CVEs
> > > > (which are linked from the DSA tracker page [2]) are not reported as
> > > > fixed in
> > > > xulrunner/1.9.0.1-1 by the tracker.
> 
> > Maybe you're right, but... one day is gone and the inconsistencies are
> > still there.
> 
> Well, on a page for a specific CVE you can see under the "xulrunner" package 
> entry that etch (security) is indeed fixed, so I believe the tracker data is 
> in order. That the top of the page says "packages iceape, icedove, iceweasel, 
> xulrunner are vulnerable" may be an error in the display code of the tracker?

I am *not* talking about etch, I am talking about *sid*!

The DSA claims that the CVEs are fixed in unstable, while the tracker
says that unstable is still vulnerable (as far as most of the mentioned
CVEs are concerned).
This seems to be an inconsistency: either the DSA is wrong or the
tracker needs to be updated...


-- 
 http://frx.netsons.org/doc/index.html#nanodocs
 The nano-document series is here!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
