Re: Various tracker inconsistencies
On Sat, 7 Mar 2009 21:32:28 +0100 Francesco Poli wrote:
> Here's a list of the inconsistencies that are still present:
>
> http://security-tracker.debian.net/tracker/CVE-2008-5236
> http://security-tracker.debian.net/tracker/CVE-2008-5242
> http://security-tracker.debian.net/tracker/CVE-2008-5239
> http://security-tracker.debian.net/tracker/CVE-2008-5234
> http://security-tracker.debian.net/tracker/CVE-2008-5241
> http://security-tracker.debian.net/tracker/CVE-2008-5240
> http://security-tracker.debian.net/tracker/CVE-2008-5237
> http://security-tracker.debian.net/tracker/CVE-2009-0316
> http://security-tracker.debian.net/tracker/CVE-2008-4098
>
> As I said, these are cases where a vulnerability is still considered as
> unfixed in squeeze and fixed in lenny at the same time, with both
> suites having the *same exact* package version.
i need some advise on this. should i fix these issues, wait for new
packages to transition from unstable, or should the tracker code be
updated to recognize that when squeeze has the same version a
package marked as fixed in lenny that that version should be considered
fixed as well?
Reply to: