Hi all! DSA-1540-1 [1] was issued back on Monday and a corresponding tracker page [2] has recently been added. However, it seems that the tracker page [2] has a typo. The DSA [1] refers to CVE-2008-1531 [3], which indeed talks about lighttpd; on the other hand the tracker page [2] refers to CVE-2008-1351 [4], which talks about XOOPS. This caused a CVE tracker page [5] which talks about a XOOPS vulnerability fixed in a version of lighttpd, which is, well, quite awkward. Correct me, if I'm wrong. Otherwise, please fix the typo ASAP. Thank you all for your great job in improving Debian security! [1] http://lists.debian.org/debian-security-announce/2008/msg00110.html [2] http://security-tracker.debian.net/tracker/DSA-1540-1 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1351 [5] http://security-tracker.debian.net/tracker/CVE-2008-1351 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/progs/scripts/refresh-pubring.html New! Version 0.6 available! What? See for yourself! ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpU0SfrvoeRB.pgp
Description: PGP signature