Re: DSA-1770-1: No, it's not lenny security

To: debian-security-tracker@lists.debian.org, Francesco Poli <frx@firenze.linux.it>
Subject: Re: DSA-1770-1: No, it's not lenny security
From: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Tue, 14 Apr 2009 13:11:00 +1100
Message-id: <[🔎] 200904141211.01745.steffen.joeris@skolelinux.de>
In-reply-to: <[🔎] 20090413182309.7f07b17e.frx@firenze.linux.it>
References: <[🔎] 20090413182309.7f07b17e.frx@firenze.linux.it>

On Tue, 14 Apr 2009 02:23:09 am Francesco Poli wrote:
> Hi all,
>
> DSA-1770-1 [1] has just been issued, and the corresponding tracker page
> [2] has been created.
> There's something strange, though.
> The DSA says that the two vulnerabilities are fixed for etch in version
> 4.1.3-4etch1, while the CVE tracker pages [3][4] say that version
> 4.1.3-4etch1 is for *lenny (security)* and still vulnerable...
>
> I cannot understand what's wrong.
>
> [1] http://lists.debian.org/debian-security-announce/2009/msg00081.html
> [2] http://security-tracker.debian.net/tracker/DSA-1770-1
> [3] http://security-tracker.debian.net/tracker/CVE-2008-4182
> [4] http://security-tracker.debian.net/tracker/CVE-2009-0930
>
> P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.
I've already notified ftpmaster and they should fix it soon.
The package had the wrong distribution in the changelog.

Thanks for reporting.

Cheers
Steffen

Reply to:

Follow-Ups:
- Re: DSA-1770-1: No, it's not lenny security
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- DSA-1770-1: No, it's not lenny security
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: DSA-1770-1: No, it's not lenny security
Next by Date: Re: DSA-1770-1: No, it's not lenny security
Previous by thread: DSA-1770-1: No, it's not lenny security
Next by thread: Re: DSA-1770-1: No, it's not lenny security
Index(es):
- Date
- Thread