
DSA-1618-1 vs. tracker



Hi once again!

DSA-1618-1 [1] has been recently issued and its tracker page seems to
suffer from the same issues I reported with respect to
DSA-1612-1 [2] ...   :-(

Just to be clear, I'll repeat those issues in the following.

The tracker page [3] lists the spurious CVE-2006-2662 [4] (which talks
about VMware Server) as fixed by ruby1.9/1.9.0+20060609-1etch2.
This CVE was added to the tracker page due to a typo in the DSA (the
same typo that also appeared in DSA-1612-1 !) ...

Moreover, the DSA [1] claims that all the CVEs are fixed in unstable by
ruby1.9/1.9.0.2-2, while the tracker page for CVE-2008-2376 [5] claims
that ruby1.9/1.9.0.2-4 is still vulnerable.

Please fix these inconsistencies ASAP.
Thanks in advance.

[1] http://lists.debian.org/debian-security-announce/2008/msg00203.html
[2] http://lists.debian.org/debian-security-tracker/2008/07/msg00013.html
[3] http://security-tracker.debian.net/tracker/DSA-1618-1
[4] http://security-tracker.debian.net/tracker/CVE-2006-2662
[5] http://security-tracker.debian.net/tracker/CVE-2008-2376

P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.

-- 
 http://frx.netsons.org/doc/index.html#nanodocs
 The nano-document series is here!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
