[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Tracker inconsistencies

Hi all!

CVE-2007-2172[1] description states that the vulnerability is present in
"Linux kernel 2.6 before 2.6.21-rc6".
On the other hand the tracker page[1] claims that lenny and sid are
vulnerable, even though they already have versions 2.6.21-6 and
2.6.22-4, respectively.

Is this an inconsistency?

[1] http://security-tracker.debian.net/tracker/CVE-2007-2172

CVE-2007-2834 page[2] claims that openoffice.org in sarge-security
(version 1.1.3-9sarge8) is vulnerable, while the DSA[3] states that the
vulnerability is fixed for sarge in that very version.

Is this an inconsistency?

[2] http://security-tracker.debian.net/tracker/CVE-2007-2834
[3] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00141.html

CVE-2007-4569 page[4] claims that kdebase in sarge (version
4:3.3.2-1sarge3) is vulnerable, while the DSA[5] states that the
vulnerability was not present in sarge.

Is this an inconsistency?

[4] http://security-tracker.debian.net/tracker/CVE-2007-4569
[5] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00143.html

CVE-2007-4565 page[6] claims that fetchmail in sarge (version
6.2.5-12sarge5) is vulnerable, while the DSA[7] states that the
vulnerability was not present in sarge.

Is this an inconsistency?

[6] http://security-tracker.debian.net/tracker/CVE-2007-4565
[7] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00145.html

CVE-2007-5135 page[8] claims that openssl is vulnerable in
sarge-security (version 0.9.7e-3sarge5) and in etch-security (version
0.9.8c-4etch1) , while the DSA[9] states that those very versions
include the fix.

Is this an inconsistency?

[8] http://security-tracker.debian.net/tracker/CVE-2007-5135
[9] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00150.html

Please correct the above described inconsistencies (to the extent that
they actually are inconsistencies!), and please keep on with the good
job you are doing to enhance the security of Debian!
Thanks a lot.

P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.

 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpXCklZvQjhy.pgp
Description: PGP signature

Reply to: