Hi list, DTSA-180-1 has just been issued [1]. It claims that courier-authlib/0.61.0-1+lenny1 fixes CVE-2008-2380 in lenny (security). The tracker page [2] for CVE-2008-2380 is awkward, though. It includes the following vulnerability table: courier-authlib (PTS) etch 0.58-4 vulnerable lenny 0.61.0-1 vulnerable lenny (security) 0.61.0-1+lenny1 fixed sid 0.61.0-1+lenny1 vulnerable This looks strange to me, since the same package version is considered as fixed in lenny (security), but vulnerable in sid... Does this depend on some obscure interaction with other packages? Or should the CVE be marked as fixed in sid, too? [1] http://security-tracker.debian.net/tracker/DTSA-180-1 [2] http://security-tracker.debian.net/tracker/CVE-2008-2380 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- On some search engines, searching for my nickname AND "nano-documents" may lead you to my website... ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgp7drqgxUkHK.pgp
Description: PGP signature