Re: DSA-1471-1 vs. tracker

To: debian-security-tracker@lists.debian.org
Subject: Re: DSA-1471-1 vs. tracker
From: Francesco Poli <frx@firenze.linux.it>
Date: Tue, 22 Jan 2008 19:03:48 +0100
Message-id: <[🔎] 20080122190348.b16ebb73.frx@firenze.linux.it>
In-reply-to: <[🔎] 20080121235602.GA11772@ngolde.de>
References: <[🔎] 20080121214351.e08fed34.frx@firenze.linux.it> <[🔎] 20080121235602.GA11772@ngolde.de>

On Tue, 22 Jan 2008 00:56:02 +0100 Nico Golde wrote:

[...]
> * Francesco Poli <frx@firenze.linux.it> [2008-01-22 00:24]:
[...]
> > Moreover, the same DSA [1] claims that version 1.1.2.dfsg-1.3 fixes the
> > above-mentioned CVEs for etch.  However the CVE-2007-4029 page [4] tells
> > a different story: it states that version 1.1.2.dfsg-1.3 is vulnerable.
> > Is this a security-tracker internal inconsistency?
> [...] 
> The source package name was missing from the sarge tag in 
> our DSA file. Fixed this in svn.

The DSA page now seems OK: that's an improvement!  :-)

Nonetheless, the CVE-2007-4029 page still seems to be out of
sync...  :-(

> Thanks alot for reporting!

You're welcome.

-- 
 http://frx.netsons.org/progs/scripts/refresh-pubring.html
 New! Version 0.6 available! What? See for yourself!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpFo0FU5wvcq.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-1471-1 vs. tracker
  - From: Moritz Muehlenhoff <jmm@inutil.org>

References:
- DSA-1471-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: DSA-1471-1 vs. tracker
  - From: Nico Golde <nico@ngolde.de>

Prev by Date: Re: DSA-1471-1 vs. tracker
Next by Date: Re: DSA-1471-1 vs. tracker
Previous by thread: Re: DSA-1471-1 vs. tracker
Next by thread: Re: DSA-1471-1 vs. tracker
Index(es):
- Date
- Thread