On Wed, 28 Oct 2009 15:47:49 -0400 Michael Gilbert wrote: > On Wed, 28 Oct 2009 19:44:51 +0100, Francesco Poli wrote: > > On Wed, 28 Oct 2009 14:01:03 -0400 Michael Gilbert wrote: > > > > > On Sat, 24 Oct 2009 16:50:30 +0200, Francesco Poli wrote: > > > > Hi list, > > > > there's no tracker page for DSA-1912-2 (issued last night). > > > > This means that there's no fixed information for advi. > > > > > > done. > > > > The related CVE pages lack information about squeeze/sid fixed version > > (1.6.0-14+b1): AFAIUI, that's a binNMU, isn't it? > > Can binNMUs be tracked in the security tracker? > > yes, this can and should be tracked, we just forgot to do it. done now. Good, just checked. Thank you very much. > > > Moreover, CVE-2009-2295 does not seem to be mentioned in the DSA: was > > it included in the DSA tracker page intentionally or just by mistake? > > actually, just the opposite; CVE-2009-2295 is missing from the DSA by > mistake. advi is statically linked to camlimages, and CVE-2009-2295 was > fixed in camlimages in another DSA previously (without updating advi > along with it), so the new static link to the current camlimages > addresses that old issue as well. OK, so it was included intentionally and rightfully. Thanks for clarifying! -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpHBqbiGr6bm.pgp
Description: PGP signature