Re: libxfont1 issues should not show up in the latently vulnerable packages list

To: Nico Golde <nico@ngolde.de>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: libxfont1 issues should not show up in the latently vulnerable packages list
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 06 Jul 2008 17:22:38 +0200
Message-id: <[🔎] 87mykv2g1t.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20080706095805.GB23347@ngolde.de> (Nico Golde's message of "Sun, 6 Jul 2008 11:58:05 +0200")
References: <8e2a98be0805031652o1d474fb8x2b5171673c9d9226@mail.gmail.com> <20080508135326.GA2123@patate.is-a-geek.org> <[🔎] 8e2a98be0807051900j793db1e1s45bd95eff9977a91@mail.gmail.com> <[🔎] 20080706095805.GB23347@ngolde.de>

* Nico Golde:

> Looking at the underlying tracker data the problem seems to 
> be that DSA-1466-2 included an upload for libxfont for the 
> above CVE ids while only CVE-2008-0006 was fixed in the 
> update of libxfont. Also only CVE-2008-0006 applies to the 
> package in testing/unstable.

A workaround is to copy the libxfont annotation to the CVE/list file and
remove it from the DSA/list file.

Reply to:

Follow-Ups:
- Re: libxfont1 issues should not show up in the latently vulnerable packages list
  - From: Nico Golde <nico@ngolde.de>

References:
- Re: libxfont1 issues should not show up in the latently vulnerable packages list
  - From: "Michael Gilbert" <michael.s.gilbert@gmail.com>
- Re: libxfont1 issues should not show up in the latently vulnerable packages list
  - From: Nico Golde <nico@ngolde.de>

Prev by Date: Re: libxfont1 issues should not show up in the latently vulnerable packages list
Next by Date: Re: automatically add DSA's
Previous by thread: Re: libxfont1 issues should not show up in the latently vulnerable packages list
Next by thread: Re: libxfont1 issues should not show up in the latently vulnerable packages list
Index(es):
- Date
- Thread