Re: New tracker inconsistencies
* Francesco Poli:
> DSA 1389-1 [1] claims that zoph version 0.3.3-12sarge2 fixes
> CVE-2007-3905 for sarge-security.
> However, the CVE page [2] states that zoph in sarge-security is still
> 0.3.3-12sarge1 and still vulnerable.
This is technically correct because there is no -sarge2 in
oldstable-security. The -sarge2 version was mistakenly uploaded to
stable-security, that's why it's missing. This will be rectified soon.
> DSA 1390-1 [5] claims that t1lib version 5.0.2-3sarge1 and version
> 5.1.0-2etch1 fix CVE-2007-4033 for sarge-security and etch-security,
> respectively.
> However, the CVE page [6] states that those very versions are
> vulnerable.
This was an editorial mistake, it should be fixed soon.
Reply to: