On Wed, 17 Dec 2008 11:50:14 +0100 (CET) Thijs Kinkhorst wrote: [...] > Something went wrong which brought the checkout the script uses to commit > its update in, in a conflict state. I resolved that now, and Florian added > the missing DSA's. OK, I've just checked the two missing DSAs. Everything seems to be fine, except for CVE-2008-5182, which is incorrectly mentioned in DSA-1687-1 [1] as "CVE_2008-5182" (please note the underscore!). As a consequence, the regular expression which (I guess) is used to parse the DSA missed it, and thus CVE-2008-5182 [2] is not marked as fixed in etch (security) on the tracker, and the DSA tracker page [3] fails to include CVE-2008-5182 in its reference list. [1] http://lists.debian.org/debian-security-announce/2008/msg00279.html [2] http://security-tracker.debian.net/tracker/CVE-2008-5182 [3] http://security-tracker.debian.net/tracker/DSA-1687-1 -- On some search engines, searching for my nickname AND "nano-documents" may lead you to my website... ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpVNP4V7Sb8n.pgp
Description: PGP signature