[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: No DSA-168[67]-1 on the tracker



On Wed, 17 Dec 2008 11:50:14 +0100 (CET) Thijs Kinkhorst wrote:

[...]
> Something went wrong which brought the checkout the script uses to commit
> its update in, in a conflict state. I resolved that now, and Florian added
> the missing DSA's.

OK, I've just checked the two missing DSAs.

Everything seems to be fine, except for CVE-2008-5182, which is
incorrectly mentioned in DSA-1687-1 [1] as "CVE_2008-5182" (please note
the underscore!).
As a consequence, the regular expression which (I guess) is used to
parse the DSA missed it, and thus CVE-2008-5182 [2] is not marked as
fixed in etch (security) on the tracker, and the DSA tracker page [3]
fails to include CVE-2008-5182 in its reference list.

[1] http://lists.debian.org/debian-security-announce/2008/msg00279.html
[2] http://security-tracker.debian.net/tracker/CVE-2008-5182
[3] http://security-tracker.debian.net/tracker/DSA-1687-1


-- 
 On some search engines, searching for my nickname AND
 "nano-documents" may lead you to my website...  
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpVNP4V7Sb8n.pgp
Description: PGP signature


Reply to: