Hi all!
DSA 1401-1 [1] claims that iceape version 1.0.11~pre071022-0etch1 and
version 1.1.5-1 fix the following vulnerabilities:
CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337
CVE-2007-5338 CVE-2007-5339 CVE-2007-5340.
However, the DSA page [2] also lists CVE-2006-2894 as fixed in version
1.0.11~pre071022-0etch1.
Is this a spurious addition in the DSA tracker page or a missing item in
the DSA message?
Moreover the individual CVE tracker pages [3] all claim that version
1.1.5-1 is still vulnerable.
Is this an inconsistency?
[1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00178.html
[2] http://security-tracker.debian.net/tracker/DSA-1401-1
[3] http://security-tracker.debian.net/tracker/CVE-2006-2894
and so forth
Please correct the above described inconsistencies (as long as they
actually are inconsistencies!), and please keep on with your great job
in Debian (testing) security!
Thank you very much.
P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgp86EznrzwsZ.pgp
Description: PGP signature