DSA-1999-1 vs. tracker

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: DSA-1999-1 vs. tracker
From: Francesco Poli <frx@firenze.linux.it>
Date: Fri, 19 Feb 2010 00:42:19 +0100
Message-id: <[🔎] 20100219004219.34aa728f.frx@firenze.linux.it>

Hi everybody!

DSA-1999-1 has just been issued [1] claiming that five vulnerabilities
have been fixed in xulrunner.

The DSA states that the five CVEs are fixed in version 1.9.1.8-1 for
sid and the changelog [2] seems to agree.
However, the CVE tracker pages [3][4][5][6][7] tell a different story,
claiming that sid is still vulnerable.
Which is wrong and which is right?


[1] http://lists.debian.org/debian-security-announce/2010/msg00039.html
[2] http://packages.qa.debian.org/x/xulrunner/news/20100217T223453Z.html
[3] http://security-tracker.debian.org/tracker/CVE-2009-1571
[4] http://security-tracker.debian.org/tracker/CVE-2009-3988
[5] http://security-tracker.debian.org/tracker/CVE-2010-0159
[6] http://security-tracker.debian.org/tracker/CVE-2010-0160
[7] http://security-tracker.debian.org/tracker/CVE-2010-0162

-- 
 http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html
 Need some pdebuild hook scripts?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpdPXQySNaWy.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-1999-1 vs. tracker
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: On the usefulness of the remote column
Next by Date: DSA-2000-1 vs. tracker
Previous by thread: Re: No tracker page for DSA-1997-1
Next by thread: Re: DSA-1999-1 vs. tracker
Index(es):
- Date
- Thread