Hi Thijs,

* Thijs Kinkhorst <thijs@debian.org> [2007-11-10 19:36]:
> On Friday 9 November 2007 23:52, Francesco Poli wrote:
> > DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes
> > CVE-2007-4650 for etch.
> > The DSA page [2] seems to confirm this.
> > However the CVE page [3] tells a different story: it states that version
> > 2.1.2-2.0.etch.1 is vulnerable.
> > Is this a security-tracker internal inconsistency?
>
> I'm a bit confused by this. The tracker information now says:
>
> CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3
> allow ...)
> {DSA-1404-1}
> - gallery2 2.2.3-1
> [etch] - gallery2 <unfixed> (bug #441407)
> NOTE: does not affect gallery 1.x (package 'gallery')
>
> Do I need to replace that "<unfixed>" by hand by the fixed version? I somehow
> thought that the DSA-1404-1 would take care of that. Can someone enlighten me
> how this works exactly?

You can completely delete the etch line since that's
what the DSA was added for.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.