New tracker inconsistencies

Hi all!

DSA 1389-1 [1] claims that zoph version 0.3.3-12sarge2 fixes
CVE-2007-3905 for sarge-security.
However, the CVE page [2] states that zoph in sarge-security is still
0.3.3-12sarge1 and still vulnerable.
The PTS [3] seems to confirm that no 0.3.3-12sarge2 exists (yet).
On the other hand the DSA [1] provides MD5 checksums for zoph version
0.3.3-12sarge1, which is old [4] and does not seem to fix CVE-2007-3905

Well, I'm lost...
Is this an inconsistency?

[1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00164.html
[2] http://security-tracker.debian.net/tracker/CVE-2007-3905
[3] http://packages.qa.debian.org/z/zoph.html
[4] http://packages.qa.debian.org/z/zoph/news/20060310T184711Z.html

DSA 1390-1 [5] claims that t1lib version 5.0.2-3sarge1 and version
5.1.0-2etch1 fix CVE-2007-4033 for sarge-security and etch-security,
However, the CVE page [6] states that those very versions are

Is this an inconsistency?

[5] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00165.html
[6] http://security-tracker.debian.net/tracker/CVE-2007-4033

Please correct the above described inconsistencies (as long as they
actually are inconsistencies!), and please keep on with the good job you
are doing to improve the security of Debian!
Thank you very much.

P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.

 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
