Re: [SECURITY] [DLA 419-1] gtk+2.0 security update

To: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 419-1] gtk+2.0 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 18 Feb 2016 08:33:35 +0100
Message-id: <[🔎] 20160218073335.GA4085@lorien.valinor.li>
Mail-followup-to: debian-lts@lists.debian.org
In-reply-to: <[🔎] 20160217181619.GA29593@riseup.net>
References: <20160217102104.GA4931@riseup.net> <[🔎] 20160217161302.GA6137@bogon.m.sigxcpu.org> <[🔎] 20160217181619.GA29593@riseup.net>

Hi,

On Wed, Feb 17, 2016 at 07:16:20PM +0100, Santiago Ruano Rincón wrote:
> Hi Guido,
> 
> El 17/02/16 a las 17:13, Guido Günther escribió:
> > Hi Santiago,
> > On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiagorr@riseup.net wrote:
> > > Package        : gtk+2.0
> > > Version        : 2.20.1-2+deb6u1
> > > CVE ID         : CVE-2013-7447
> > > Debian Bug     : 799275
> > 
> > This doesn't seem to be reflected in data/CVE/list. Did you forget to
> > commit your changes?
> 
> Actually, I didn't forget it. Look at data/DLA/list:
> 
> [17 Feb 2016] DLA-419-1 gtk+2.0 - security update
>         {CVE-2013-7447}
>         [squeeze] - gtk+2.0 2.20.1-2+deb6u1
> 
> Doesn't sectracker automatically updates data/CVE/list?

Just to confirm: yes the security-tracker builds the cross reference
(no need to do that by hand there).

I just checked the CVE-2013-7447 entry and looks correct to me. Guido
do you mean something else?

Regards,
Salvatore

Reply to:

References:
- Re: [SECURITY] [DLA 419-1] gtk+2.0 security update
  - From: Guido Günther <agx@sigxcpu.org>
- Re: [SECURITY] [DLA 419-1] gtk+2.0 security update
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>

Prev by Date: Re: [PATCH] Given a package allow to check in which releases security support has ended
Next by Date: Re: [SECURITY] [DLA 419-1] gtk+2.0 security update
Previous by thread: Re: [SECURITY] [DLA 419-1] gtk+2.0 security update
Next by thread: Re: [SECURITY] [DLA 419-1] gtk+2.0 security update
Index(es):
- Date
- Thread