Hi. I noticed some inconsistencies between DSAs and the tracker. I feel I should report them to this list (since topics include "bugreports about incorrect data entries" [1]), but please do not reply "if you are the one who cares, you have to fix them by yourself": I've already explained that I am not going to install Subversion in order to do this (because I am not convinced that clause 5 of the Subversion license meets the DFSG). That said, let's talk about inconsistencies. DSA-1721-1 [2] claims that CVE-2009-0360 and CVE-2009-0361 are fixed for lenny in libpam-krb5/3.11-4, but the tracker disagrees [3][4]. DSA-1724-1 [5] claims that CVE-2008-5153 is fixed for lenny in moodle/1.8.2.dfsg-3+lenny1 and for unstable in moodle/1.8.2.dfsg-4, but the tracker disagrees [6]. DSA-1730-1 [7] claims that CVE-2009-0542 and CVE-2009-0543 are fixed for lenny in proftpd-dfsg/1.3.1-17lenny2 and for unstable in proftpd-dfsg/1.3.2-1, but the tracker disagrees [8][9]. The same DSA also claims that etch is unaffected by these problems; the tracker again disagrees [8][9]. DSA-1733-1 [10] claims that CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, and CVE-2008-4101 are fixed for squeeze in vim/1:7.1.314-3+lenny1, but the tracker disagrees [11][12][13][14]. Please fix these inconsistencies. P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. [1] http://lists.debian.org/debian-security-tracker/ [2] http://lists.debian.org/debian-security-announce/2009/msg00030.html [3] http://security-tracker.debian.net/tracker/CVE-2009-0360 [4] http://security-tracker.debian.net/tracker/CVE-2009-0361 [5] http://lists.debian.org/debian-security-announce/2009/msg00033.html [6] http://security-tracker.debian.net/tracker/CVE-2008-5153 [7] http://lists.debian.org/debian-security-announce/2009/msg00040.html [8] http://security-tracker.debian.net/tracker/CVE-2009-0542 [9] http://security-tracker.debian.net/tracker/CVE-2009-0543 [10] http://lists.debian.org/debian-security-announce/2009/msg00043.html [11] http://security-tracker.debian.net/tracker/CVE-2008-3074 [12] http://security-tracker.debian.net/tracker/CVE-2008-3075 [13] http://security-tracker.debian.net/tracker/CVE-2008-3076 [14] http://security-tracker.debian.net/tracker/CVE-2008-4101 -- On some search engines, searching for my nickname AND "nano-documents" may lead you to my website... ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpEpseTj41Ml.pgp
Description: PGP signature