
Bug#552124: qa.debian.org: bogusly warns about security issues when fixed



Package: qa.debian.org
Severity: important

Hi,

let's look at http://packages.qa.debian.org/o/openoffice.org.html. We see
at the top: "There are 5 open security issues, please fix them. "

Let's look at what they are:

CVE-2009-0200	Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...

fixed in both etch-security and lenny-security (etch-backports is not relevant
anymore) and just waits to be in a point release.
Why is this listed as still needing to be fixed?

CVE-2009-0201	Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ...

fixed in both etch-security and lenny-security (etch-backports is not relevant
anymore) and just waits to be in a point release.
Why is this listed as still needing to be fixed?

CVE-2009-2139	Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...
CVE-2009-2140	Multiple heap-based buffer overflows in ...
CVE-2009-3239	Buffer overflow in the EMF parser implementation in OpenOffice.org ...

fixed, but security-tracker buggy....

CVE-2009-3569	Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...
CVE-2009-3570	Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...
CVE-2009-3571	Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551068. Nothing to fix
there (yet).

At least the first two should not be shown!

Grüße/Regards,

Rene


