Hi everyone,

DSA-1771-1 [1] was issued back on Wednesday, and the corresponding tracker page [2] was created.

I think there are a few inconsistencies, though.

The DSA refers to two CVEs [3][4] and to one further vulnerability with no CVE number yet. The DSA tracker page [2] only refers to the two CVEs. I think it would be useful to mark the CVE-less vulnerability as fixed, as well, maybe by referring to a TEMP, which will later be converted into a CVE...

Moreover, the DSA says that the two CVEs are fixed

 * for etch in version 0.90.1dfsg-4etch19
 * for lenny in version 0.94.dfsg.2-1lenny2
 * for sid in version 0.95.1+dfsg-1

On the other hand, the CVE tracker pages [3][4] also claim that squeeze is fixed, even though it still has version 0.94.dfsg.2-1. Is this good news, or just a mistake on the tracker?

Please clarify and/or correct these inconsistencies.

[1] http://lists.debian.org/debian-security-announce/2009/msg00082.html
[2] http://security-tracker.debian.net/tracker/DSA-1771-1
[3] http://security-tracker.debian.net/tracker/CVE-2008-6680
[4] http://security-tracker.debian.net/tracker/CVE-2009-1270

P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.

-- 
 New location for my website! Update your bookmarks!
 http://www.inventati.org/frx
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4