Bug#552124: qa.debian.org: bogusly warns about security issues when fixed
Package: qa.debian.org
Severity: important
Hi,
let's look at http://packages.qa.debian.org/o/openoffice.org.html. We see
at the top: "There are 5 open security issues, please fix them. "
Let's look at what they are:
CVE-2009-0200 Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...
fixed in both etch-security and lenny-security (etch-backports is not relevant
anymore) and just waits to be in a point release.
Why is this listed as still needing to be fixed?
CVE-2009-0201 Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ...
fixed in both etch-security and lenny-security (etch-backports is not relevant
anymore) and just waits to be in a point release.
Why is this listed as still needing to be fixed?
CVE-2009-2139 Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...
CVE-2009-2140 Multiple heap-based buffer overflows in ...
CVE-2009-3239 Buffer overflow in the EMF parser implementation in OpenOffice.org ...
fixed, but security-tracker buggy....
CVE-2009-3569 Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...
CVE-2009-3570 Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...
CVE-2009-3571 Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551068. Nothing to fix
there (yet).
At least the first two should not be shown!
Grüße/Regards,
Rene