Re: DSA-1615-1 vs. tracker

To: debian-security-tracker@lists.debian.org
Cc: Francesco Poli <frx@firenze.linux.it>
Subject: Re: DSA-1615-1 vs. tracker
From: Thijs Kinkhorst <thijs@debian.org>
Date: Sat, 26 Jul 2008 19:34:27 +0200
Message-id: <[🔎] 200807261934.29514.thijs@debian.org>
In-reply-to: <[🔎] 20080725010728.e144bebc.frx@firenze.linux.it>
References: <[🔎] 20080723230454.c6130f3c.frx@firenze.linux.it> <[🔎] e339c248cabaf5fabd03b6dbd7e5e444.squirrel@wm.kinkhorst.nl> <[🔎] 20080725010728.e144bebc.frx@firenze.linux.it>

On Friday 25 July 2008 01:07, Francesco Poli wrote:
> > > I think I've noticed another DSA with tracker inconsistencies.
> > > DSA-1615-1 [1] claims that several CVEs are fixed in
> > > xulrunner/1.9.0.1-1 for sid.  On the other hand, most of these CVEs
> > > (which are linked from the DSA tracker page [2]) are not reported as
> > > fixed in
> > > xulrunner/1.9.0.1-1 by the tracker.

> Maybe you're right, but... one day is gone and the inconsistencies are
> still there.

Well, on a page for a specific CVE you can see under the "xulrunner" package 
entry that etch (security) is indeed fixed, so I believe the tracker data is 
in order. That the top of the page says "packages iceape, icedove, iceweasel, 
xulrunner are vulnerable" may be an error in the display code of the tracker?

Thijs

Attachment: pgphDKFQTGduz.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-1615-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- DSA-1615-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: DSA-1615-1 vs. tracker
  - From: "Thijs Kinkhorst" <thijs@debian.org>
- Re: DSA-1615-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Re: DSA-1618-1 vs. tracker
Next by Date: Re: DSA-1615-1 vs. tracker
Previous by thread: Re: DSA-1615-1 vs. tracker
Next by thread: Re: DSA-1615-1 vs. tracker
Index(es):
- Date
- Thread