Hi all! DSA-1848-1 has been recently issued without a CVE number for the vulnerability (because it has been requested, but not yet assigned): http://lists.debian.org/debian-security-announce/2009/msg00164.html For this reason, the corresponding tracker page lacks any reference to the vulnerability (this issue with the tracker has already been discussed in the past: I really think it should be fixed as soon as possible...): http://security-tracker.debian.net/tracker/DSA-1848-1 As a consequence, the temporary issue name associated with the corresponding BTS bug is shown as fixed in squeeze/sid, but not in lenny (security) or etch (security): http://security-tracker.debian.net/tracker/537977 I thought I could be smarter than the tracker and sent a message to the control bot, marking the bug as fixed in the security-update versions: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;bug=537977 Almost one day has passed, and this new information still fails to show up in http://security-tracker.debian.net/tracker/537977 What's wrong? I thought the tracker could fetch version information from the BTS, when a vulnerability is associated with a BTS bug... Was I too optimistic? ;-) I think this feature could be useful to have in the security tracker. In the meanwhile, can someone update the tracker? Thanks in advance. -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpt1Y_IsE1xD.pgp
Description: PGP signature