Hi once again!

DSA-1618-1 [1] has been recently issued and its tracker page seems to suffer from the same issues I reported with respect to DSA-1612-1 [2] ... :-(

Just to be clear, I'll repeat those issues in the following.

The tracker page [3] lists the spurious CVE-2006-2662 [4] (which talks about VMware Server) as fixed by ruby1.9/1.9.0+20060609-1etch2. This CVE was added to the tracker page due to a typo in the DSA (the same typo that also appeared in DSA-1612-1 !) ...

Moreover, the DSA [1] claims that all the CVEs are fixed in unstable by ruby1.9/1.9.0.2-2, while the tracker page for CVE-2008-2376 [5] claims that ruby1.9/1.9.0.2-4 is still vulnerable.

Please fix these inconsistencies ASAP.
Thanks in advance.

[1] http://lists.debian.org/debian-security-announce/2008/msg00203.html
[2] http://lists.debian.org/debian-security-tracker/2008/07/msg00013.html
[3] http://security-tracker.debian.net/tracker/DSA-1618-1
[4] http://security-tracker.debian.net/tracker/CVE-2006-2662
[5] http://security-tracker.debian.net/tracker/CVE-2008-2376

P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.

--
 http://frx.netsons.org/doc/index.html#nanodocs
 The nano-document series is here!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4