DSA-1770-1: No, it's not lenny security

To: debian-security-tracker@lists.debian.org
Subject: DSA-1770-1: No, it's not lenny security
From: Francesco Poli <frx@firenze.linux.it>
Date: Mon, 13 Apr 2009 18:23:09 +0200
Message-id: <[🔎] 20090413182309.7f07b17e.frx@firenze.linux.it>

Hi all,

DSA-1770-1 [1] has just been issued, and the corresponding tracker page
[2] has been created.
There's something strange, though.
The DSA says that the two vulnerabilities are fixed for etch in version
4.1.3-4etch1, while the CVE tracker pages [3][4] say that version
4.1.3-4etch1 is for *lenny (security)* and still vulnerable...

I cannot understand what's wrong.

[1] http://lists.debian.org/debian-security-announce/2009/msg00081.html
[2] http://security-tracker.debian.net/tracker/DSA-1770-1
[3] http://security-tracker.debian.net/tracker/CVE-2008-4182
[4] http://security-tracker.debian.net/tracker/CVE-2009-0930

P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.

-- 
 New location for my website! Update your bookmarks!
 http://www.inventati.org/frx
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpQJM_Efnms1.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-1770-1: No, it's not lenny security
  - From: Steffen Joeris <steffen.joeris@skolelinux.de>

Prev by Date: Re: No DSA-1768-1 on the tracker
Next by Date: Re: DSA-1770-1: No, it's not lenny security
Previous by thread: Re: No DSA-1768-1 on the tracker
Next by thread: Re: DSA-1770-1: No, it's not lenny security
Index(es):
- Date
- Thread