Hello everybody, there's something unclear to me. DSA-2505-1 [1] states that CVE-2012-3363 is fixed in unstable by zendframework/1.11.12-1 and the tracker seems to agree [2]. [1] https://lists.debian.org/debian-security-announce/2012/msg00145.html [2] http://security-tracker.debian.org/tracker/CVE-2012-3363 Good, but... where in the world is zendframework/1.11.12-1 ? The DSA was issued on last Friday. Nonetheless, it seems that zendframework/1.11.12-1 has not yet materialized: $ rmadison zendframework zendframework | 1.10.6-1 | squeeze | source, all zendframework | 1.10.6-1squeeze1 | squeeze-p-u | source, all zendframework | 1.10.6-1squeeze1 | squeeze-security | source, all zendframework | 1.11.11-1 | wheezy | source, all zendframework | 1.11.11-1 | sid | source, all Is there anything obvious that I am overlooking? Could you please explain? Thanks for your time. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpZEAONlIstS.pgp
Description: PGP signature