moodle issues should not show up in the latently vulnerable packages list
it appears that the recent moodle issues (CVE-2006-146 and
CVE-2006-147) never affected sid (they were only applicable to
sarge [1]). however, they are still listed in the latently vulnerable
problems [2]. the last message of bug #349985 [3] says that 'the
bug existed in multiple distributions (for instance, "unstable" and
"stable") and was thus fixed in a separate upload to each
distribution.' hence, it appears that the issue has been fully
dealt with in all archives, including sid. please update the
security-tracker data to correctly reflect that this is the case.
thanks for the hard work.
[1] http://security-tracker.debian.net/tracker/DSA-1030-1
[2] http://security-tracker.debian.net/tracker/data/latently-vulnerable
[3] http://bugs.debian.org/349985
Reply to: