On Fri, 9 Nov 2007 23:56:43 +0100 Moritz Muehlenhoff wrote:

> On Wed, Nov 07, 2007 at 12:45:58AM +0100, Francesco Poli wrote:
> > Hi all!
> >
> > DSA 1401-1 [1] claims that iceape version 1.0.11~pre071022-0etch1
> > and version 1.1.5-1 fix the following vulnerabilities:
> > CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334
> > CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340.
> > However, the DSA page [2] also lists CVE-2006-2894 as fixed in
> > version 1.0.11~pre071022-0etch1.
> > Is this a spurious addition in the DSA tracker page or a missing
> > item in the DSA message?
>
> It was fixed in the DSA, but the CVE wasn't known at time of release.

Ah, I see.
Thanks for the explanation.

> > Moreover the individual CVE tracker pages [3] all claim that version
> > 1.1.5-1 is still vulnerable.
> > Is this an inconsistency?
>
> Yes, fixed.

It seems to be fixed in
http://security-tracker.debian.net/tracker/CVE-2006-2894
but *not* in
http://security-tracker.debian.net/tracker/CVE-2007-1095
http://security-tracker.debian.net/tracker/CVE-2007-2292
http://security-tracker.debian.net/tracker/CVE-2007-3511
http://security-tracker.debian.net/tracker/CVE-2007-5334
http://security-tracker.debian.net/tracker/CVE-2007-5337
http://security-tracker.debian.net/tracker/CVE-2007-5338
http://security-tracker.debian.net/tracker/CVE-2007-5339
http://security-tracker.debian.net/tracker/CVE-2007-5340

-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4