Hi Thijs, * Thijs Kinkhorst <thijs@debian.org> [2007-11-10 19:36]: > On Friday 9 November 2007 23:52, Francesco Poli wrote: > > DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes > > CVE-2007-4650 for etch. > > The DSA page [2] seems to confirm this. > > However the CVE page [3] tells a different story: it states that version > > 2.1.2-2.0.etch.1 is vulnerable. > > Is this a security-tracker internal inconsistency? > > I'm a bit confused by this. The tracker information now says: > > CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 > allow ...) > {DSA-1404-1} > - gallery2 2.2.3-1 > [etch] - gallery2 <unfixed> (bug #441407) > NOTE: does not affect gallery 1.x (package 'gallery') > > Do I need to replace that "<unfixed>" by hand by the fixed version? I somehow > thought that the DSA-1404-1 would take care of that. Can someone enlighten me > how this works exactly? You can completely delete the etch line since that's what the DSA was added for. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpiZTkje7BEU.pgp
Description: PGP signature