Hi all!

CVE-2007-2172[1] description states that the vulnerability is present in "Linux kernel 2.6 before 2.6.21-rc6". On the other hand the tracker page[1] claims that lenny and sid are vulnerable, even though they already have versions 2.6.21-6 and 2.6.22-4, respectively. Is this an inconsistency?

[1] http://security-tracker.debian.net/tracker/CVE-2007-2172

CVE-2007-2834 page[2] claims that openoffice.org in sarge-security (version 1.1.3-9sarge8) is vulnerable, while the DSA[3] states that the vulnerability is fixed for sarge in that very version. Is this an inconsistency?

[2] http://security-tracker.debian.net/tracker/CVE-2007-2834
[3] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00141.html

CVE-2007-4569 page[4] claims that kdebase in sarge (version 4:3.3.2-1sarge3) is vulnerable, while the DSA[5] states that the vulnerability was not present in sarge. Is this an inconsistency?

[4] http://security-tracker.debian.net/tracker/CVE-2007-4569
[5] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00143.html

CVE-2007-4565 page[6] claims that fetchmail in sarge (version 6.2.5-12sarge5) is vulnerable, while the DSA[7] states that the vulnerability was not present in sarge. Is this an inconsistency?

[6] http://security-tracker.debian.net/tracker/CVE-2007-4565
[7] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00145.html

CVE-2007-5135 page[8] claims that openssl is vulnerable in sarge-security (version 0.9.7e-3sarge5) and in etch-security (version 0.9.8c-4etch1), while the DSA[9] states that those very versions include the fix. Is this an inconsistency?

[8] http://security-tracker.debian.net/tracker/CVE-2007-5135
[9] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00150.html

Please correct the above described inconsistencies (to the extent that they actually are inconsistencies!), and please keep on with the good job you are doing to enhance the security of Debian!

Thanks a lot.

P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.

-- 
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4