Hi everybody, I see from the list archive that the CUPS renaming got the attention it deserves. Unfortunately, it seems that the security tracker now lists several old vulnerabilities as fixed in package cups, but unfixed in package cupsys: http://security-tracker.debian.net/tracker/source-package/cupsys http://security-tracker.debian.net/tracker/status/release/unstable http://security-tracker.debian.net/tracker/status/release/testing http://security-tracker.debian.net/tracker/status/release/stable This seems to be wrong, since many of these vulnerabilities were actually fixed long ago (e.g.: CVE-2002-1384) or do not affect Debian (e.g.: CVE-2001-1508). Should the status of these vulnerabilities w.r.t. cups be copied to their status w.r.t. cupsys? I mean, for instance, CVE-2002-1384 is marked as fixed in unstable cups/1.1.18-1, but unfixed in unstable cupsys: I think it should be marked as fixed in unstable in both cups/1.1.18-1 and cupsys/1.1.18-1 ... I see that it was marked as "cupsys <removed>" in the SVN repository data/CVE/list, but this measure does not seem to work. P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpqi5Mdzz9ps.pgp
Description: PGP signature