Re: DSAs really missing from the tracker

On Mon, 30 Mar 2009 18:18:53 -0400 Michael S. Gilbert wrote:

> On Mon, 30 Mar 2009 23:46:10 +0200, Francesco Poli wrote:
> > Hi.
> > 
> > DSA-1756-1 and DSA-1757-1 have been recently issued, but no
> > corresponding tracker page is present yet.
> > What happened to the automatic creation of DSA tracker pages?
> this is a good question.  what triggers generation of these pages?  i
> noticed that the DSAs that i just added did not get tracker pages
> automatically (for example,
> http://security-tracker.debian.net/tracker/DSA-1605).

I can confirm that the following previously missing DSAs are now
correctly tracked: DSA-1756-1, DSA-1757-1, DSA-1759-1, and DSA-1760-1.

Did you manually insert the data, or was the automatic DSA tracker
page creation reactivated?

> > Moreover, DSA-1755-1 was issued some days ago, explaining
> > CVE-2009-0784, which is however still marked as RESERVED on the
> > tracker: I cannot understand what's reserved about something that has
> > already been disclosed in a DSA...
> CVE descriptions are pulled in automatically from the mitre database.
> there can be a delay between disclosure and when they do their updates,
> which causes issues such as seen here. regardless, this can be updated
> manually, and i will do so.

I can confirm that DSA-1755-1 now seems to be correctly tracked (except
for etch status: the DSA claims that etch is not affected, but the
tracker says that etch is vulnerable...).

On the other hand, DSA-1758-1 refers to a CVE still marked as RESERVED
and hence reports incomplete information about vulnerable and fixed

P.S.: thanks for taking care of the reported inconsistencies!

 New location for my website! Update your bookmarks!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
