Re: libxfont1 issues should not show up in the latently vulnerable packages list

["Michael Gilbert" <michael.s.gilbert@gmail.com>]

> where did the reply come from? It never ended up on this
> list :/

the reply came from Julien Cristau.  he included
debian-security-tracker in the cc list in his email, so i'm not sure
why it didn't show up here.

> Looking at the underlying tracker data the problem seems to
> be that DSA-1466-2 included an upload for libxfont for the
> above CVE ids while only CVE-2008-0006 was fixed in the
> update of libxfont.

so it was a mistake when the fix was uploaded to etch?  can't you
hand-edit the security tracker data?