Re: New tracker inconsistencies

To: Francesco Poli <frx@firenze.linux.it>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: New tracker inconsistencies
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 20 Oct 2007 12:22:05 +0200
Message-id: <[🔎] 87tzom5bn6.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20071019235032.46df9d91.frx@firenze.linux.it> (Francesco Poli's message of "Fri, 19 Oct 2007 23:50:32 +0200")
References: <[🔎] 20071019235032.46df9d91.frx@firenze.linux.it>

* Francesco Poli:

> DSA 1389-1 [1] claims that zoph version 0.3.3-12sarge2 fixes
> CVE-2007-3905 for sarge-security.
> However, the CVE page [2] states that zoph in sarge-security is still
> 0.3.3-12sarge1 and still vulnerable.

This is technically correct because there is no -sarge2 in
oldstable-security.  The -sarge2 version was mistakenly uploaded to
stable-security, that's why it's missing.  This will be rectified soon.

> DSA 1390-1 [5] claims that t1lib version 5.0.2-3sarge1 and version
> 5.1.0-2etch1 fix CVE-2007-4033 for sarge-security and etch-security,
> respectively.
> However, the CVE page [6] states that those very versions are
> vulnerable.

This was an editorial mistake, it should be fixed soon.

Reply to:

Follow-Ups:
- Re: New tracker inconsistencies
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- New tracker inconsistencies
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: New tracker inconsistencies
Next by Date: Re: New tracker inconsistencies
Previous by thread: New tracker inconsistencies
Next by thread: Re: New tracker inconsistencies
Index(es):
- Date
- Thread