Re: Tracker inconsistencies for iceape?

To: Francesco Poli <frx@firenze.linux.it>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Tracker inconsistencies for iceape?
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 9 Nov 2007 23:56:43 +0100
Message-id: <[🔎] 20071109225643.GA3863@galadriel.inutil.org>
In-reply-to: <[🔎] 20071107004558.6337db22.frx@firenze.linux.it>
References: <[🔎] 20071107004558.6337db22.frx@firenze.linux.it>

On Wed, Nov 07, 2007 at 12:45:58AM +0100, Francesco Poli wrote:
> Hi all!
> 
> DSA 1401-1 [1] claims that iceape version 1.0.11~pre071022-0etch1 and
> version 1.1.5-1 fix the following vulnerabilities:
> CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337
> CVE-2007-5338 CVE-2007-5339 CVE-2007-5340.
> However, the DSA page [2] also lists CVE-2006-2894 as fixed in version
> 1.0.11~pre071022-0etch1.
> Is this a spurious addition in the DSA tracker page or a missing item in
> the DSA message?

It was fixed in the DSA, but the CVE wasn't known at time of release.

> Moreover the individual CVE tracker pages [3] all claim that version
> 1.1.5-1 is still vulnerable.
> Is this an inconsistency?

Yes, fixed.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Tracker inconsistencies for iceape?
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- Tracker inconsistencies for iceape?
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Tracker inconsistency regarding gallery2?
Next by Date: Re: Tracker inconsistencies for iceape?
Previous by thread: Tracker inconsistencies for iceape?
Next by thread: Re: Tracker inconsistencies for iceape?
Index(es):
- Date
- Thread