Various tracker inconsistencies

To: debian-security-tracker@lists.debian.org
Subject: Various tracker inconsistencies
From: Francesco Poli <frx@firenze.linux.it>
Date: Sat, 7 Mar 2009 19:19:45 +0100
Message-id: <[🔎] 20090307191945.2b5b0f2f.frx@firenze.linux.it>

Hi.

I noticed some inconsistencies between DSAs and the tracker.
I feel I should report them to this list (since topics include
"bugreports about incorrect data entries" [1]), but please do not reply
"if you are the one who cares, you have to fix them by yourself":
I've already explained that I am not going to install Subversion in
order to do this (because I am not convinced that clause 5 of the
Subversion license meets the DFSG).

That said, let's talk about inconsistencies.

DSA-1721-1 [2] claims that CVE-2009-0360 and CVE-2009-0361 are fixed
for lenny in libpam-krb5/3.11-4, but the tracker disagrees [3][4].

DSA-1724-1 [5] claims that CVE-2008-5153 is fixed for lenny in
moodle/1.8.2.dfsg-3+lenny1 and for unstable in moodle/1.8.2.dfsg-4, but
the tracker disagrees [6].

DSA-1730-1 [7] claims that CVE-2009-0542 and CVE-2009-0543 are fixed
for lenny in proftpd-dfsg/1.3.1-17lenny2 and for unstable in
proftpd-dfsg/1.3.2-1, but the tracker disagrees [8][9].
The same DSA also claims that etch is unaffected by these problems; the
tracker again disagrees [8][9].

DSA-1733-1 [10] claims that CVE-2008-3074, CVE-2008-3075,
CVE-2008-3076, and CVE-2008-4101 are fixed for squeeze in
vim/1:7.1.314-3+lenny1, but the tracker disagrees [11][12][13][14].

Please fix these inconsistencies.


P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.


 [1] http://lists.debian.org/debian-security-tracker/
 [2] http://lists.debian.org/debian-security-announce/2009/msg00030.html
 [3] http://security-tracker.debian.net/tracker/CVE-2009-0360
 [4] http://security-tracker.debian.net/tracker/CVE-2009-0361
 [5] http://lists.debian.org/debian-security-announce/2009/msg00033.html
 [6] http://security-tracker.debian.net/tracker/CVE-2008-5153
 [7] http://lists.debian.org/debian-security-announce/2009/msg00040.html
 [8] http://security-tracker.debian.net/tracker/CVE-2009-0542
 [9] http://security-tracker.debian.net/tracker/CVE-2009-0543
[10] http://lists.debian.org/debian-security-announce/2009/msg00043.html
[11] http://security-tracker.debian.net/tracker/CVE-2008-3074
[12] http://security-tracker.debian.net/tracker/CVE-2008-3075
[13] http://security-tracker.debian.net/tracker/CVE-2008-3076
[14] http://security-tracker.debian.net/tracker/CVE-2008-4101


-- 
 On some search engines, searching for my nickname AND
 "nano-documents" may lead you to my website...  
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpEpseTj41Ml.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Various tracker inconsistencies
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Next by Date: Re: Various tracker inconsistencies
Next by thread: Re: Various tracker inconsistencies
Index(es):
- Date
- Thread