On Tue, 22 Jan 2008 00:56:02 +0100 Nico Golde wrote: [...] > * Francesco Poli <frx@firenze.linux.it> [2008-01-22 00:24]: [...] > > Moreover, the same DSA [1] claims that version 1.1.2.dfsg-1.3 fixes the > > above-mentioned CVEs for etch. However the CVE-2007-4029 page [4] tells > > a different story: it states that version 1.1.2.dfsg-1.3 is vulnerable. > > Is this a security-tracker internal inconsistency? > [...] > The source package name was missing from the sarge tag in > our DSA file. Fixed this in svn. The DSA page now seems OK: that's an improvement! :-) Nonetheless, the CVE-2007-4029 page still seems to be out of sync... :-( > Thanks alot for reporting! You're welcome. -- http://frx.netsons.org/progs/scripts/refresh-pubring.html New! Version 0.6 available! What? See for yourself! ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpFo0FU5wvcq.pgp
Description: PGP signature