Hi all, again! DSA-1669-1 [1] has been just issued and a corresponding tracker page [2] was added. However, it seems that there are some inconsistencies between the DSA and the tracker. The DSA [1] claims that all the CVEs are fixed in sid by xulrunner/1.9.0.4-1, while the tracker pages for some CVEs (CVE-2008-5017, CVE-2008-5018, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, and CVE-2008-5024) claim that xulrunner/1.9.0.4-1 in sid is still vulnerable. If these are actual inconsistencies, please fix them ASAP. As always, a big thanks for your efforts in enhancing Debian security! [1] http://lists.debian.org/debian-security-announce/2008/msg00261.html [2] http://security-tracker.debian.net/tracker/DSA-1669-1 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- On some search engines, searching for my nickname AND "nano-documents" may lead you to my website... ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgptLEUXeyQ5W.pgp
Description: PGP signature