Re: No tracker page for DSA-1912-2; missing data for DSA-191[67]-1

[Michael Gilbert <michael.s.gilbert@gmail.com>]

On Wed, 28 Oct 2009 19:44:51 +0100, Francesco Poli wrote:
> On Wed, 28 Oct 2009 14:01:03 -0400 Michael Gilbert wrote:
> 
> > On Sat, 24 Oct 2009 16:50:30 +0200, Francesco Poli wrote:
> > > Hi list,
> > > there's no tracker page for DSA-1912-2 (issued last night).
> > > This means that there's no fixed information for advi.
> > 
> > done.
> 
> The related CVE pages lack information about squeeze/sid fixed version
> (1.6.0-14+b1): AFAIUI, that's a binNMU, isn't it?
> Can binNMUs be tracked in the security tracker?

yes, this can and should be tracked, we just forgot to do it.  done now.

> Moreover, CVE-2009-2295 does not seem to be mentioned in the DSA: was
> it included in the DSA tracker page intentionally or just by mistake?

actually, just the opposite; CVE-2009-2295 is missing from the DSA by
mistake.  advi is statically linked to camlimages, and CVE-2009-2295 was
fixed in camlimages in another DSA previously (without updating advi
along with it), so the new static link to the current camlimages
addresses that old issue as well.

mike