Re: Conflicting Information on CVE-2008-3699 Page

To: "Michael Gilbert" <michael.s.gilbert@gmail.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Conflicting Information on CVE-2008-3699 Page
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Thu, 23 Oct 2008 08:59:01 +0200 (CEST)
Message-id: <[🔎] 9ce257c58f0ccca109373b6be5d35935.squirrel@wm.kinkhorst.nl>
In-reply-to: <[🔎] 8e2a98be0810221459l1bc675a4wbfc685c57028a2af@mail.gmail.com>
References: <[🔎] 8e2a98be0810221459l1bc675a4wbfc685c57028a2af@mail.gmail.com>

On Wed, October 22, 2008 23:59, Michael Gilbert wrote:
> The tracker page [1] for CVE-2008-3699 says "Debian/stable not known
> to be vulnerable", yet in the next section it says that "etch 1.4.4-4
> vulnerable".  These two statements contradict one another, and lead one
> clueless as to whether the issue has been fixed or not in stable. The
> tracker should be updated with correct information.

In this case the issue is marked as a "non-issue", the rationale is at the
bottom of the page. That makes the top part say that we're not affected.
The vulnerability indications below are not that meaningful for
non-issues.

We could see if we can improve the presentation of items marked as a
non-issue.

cheers,
Thijs

Reply to:

Follow-Ups:
- Re: Conflicting Information on CVE-2008-3699 Page
  - From: "Michael Gilbert" <michael.s.gilbert@gmail.com>

References:
- Conflicting Information on CVE-2008-3699 Page
  - From: "Michael Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Conflicting Information on CVE-2008-3699 Page
Next by Date: Re: Conflicting Information on CVE-2008-3699 Page
Previous by thread: Conflicting Information on CVE-2008-3699 Page
Next by thread: Re: Conflicting Information on CVE-2008-3699 Page
Index(es):
- Date
- Thread