[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Conflicting Information on CVE-2008-3699 Page



>> The tracker page [1] for CVE-2008-3699 says "Debian/stable not known
>> to be vulnerable", yet in the next section it says that "etch 1.4.4-4
>> vulnerable".  These two statements contradict one another, and lead one
>> clueless as to whether the issue has been fixed or not in stable. The
>> tracker should be updated with correct information.
>
> In this case the issue is marked as a "non-issue", the rationale is at the
> bottom of the page. That makes the top part say that we're not affected.
> The vulnerability indications below are not that meaningful for
> non-issues.
>
> We could see if we can improve the presentation of items marked as a
> non-issue.

The CVE-2008-3230 page seems to have the same problem.  What would
need to be done to fix this?  I may have some time to look at the code
and make it work better -- if someone can tell me where to start.  Is
the code that generates these pages contained in the secure-testing
package?


Reply to: