
Tracker inconsistencies



Hi all!

CVE-2007-2172[1] description states that the vulnerability is present in
"Linux kernel 2.6 before 2.6.21-rc6".
On the other hand the tracker page[1] claims that lenny and sid are
vulnerable, even though they already have versions 2.6.21-6 and
2.6.22-4, respectively.

Is this an inconsistency?

[1] http://security-tracker.debian.net/tracker/CVE-2007-2172


CVE-2007-2834 page[2] claims that openoffice.org in sarge-security
(version 1.1.3-9sarge8) is vulnerable, while the DSA[3] states that the
vulnerability is fixed for sarge in that very version.

Is this an inconsistency?

[2] http://security-tracker.debian.net/tracker/CVE-2007-2834
[3] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00141.html


CVE-2007-4569 page[4] claims that kdebase in sarge (version
4:3.3.2-1sarge3) is vulnerable, while the DSA[5] states that the
vulnerability was not present in sarge.

Is this an inconsistency?

[4] http://security-tracker.debian.net/tracker/CVE-2007-4569
[5] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00143.html


CVE-2007-4565 page[6] claims that fetchmail in sarge (version
6.2.5-12sarge5) is vulnerable, while the DSA[7] states that the
vulnerability was not present in sarge.

Is this an inconsistency?

[6] http://security-tracker.debian.net/tracker/CVE-2007-4565
[7] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00145.html


CVE-2007-5135 page[8] claims that openssl is vulnerable in
sarge-security (version 0.9.7e-3sarge5) and in etch-security (version
0.9.8c-4etch1), while the DSA[9] states that those very versions
include the fix.

Is this an inconsistency?

[8] http://security-tracker.debian.net/tracker/CVE-2007-5135
[9] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00150.html



Please correct the above-described inconsistencies (to the extent that
they actually are inconsistencies!), and please keep on with the good
job you are doing to enhance the security of Debian!
Thanks a lot.


P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.


-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
