Hi all, DSA-1949-1 has just been issued [1] claiming that two vulnerabilities have been fixed in php-net-ping. One issue is still CVE-less and there's the usual problem of "how does the security tracker account for CVE-less vulnerabilities?": I cannot even find the TEMP-x-y entry... [2] Is there any progress on this front? The other issue is CVE-2009-4024, which the DSA [1] claims to be fixed in version 2.4.2-1.1 for sid: the changelog [3] seems to agree, but the CVE tracker page tells another story [4]. Which is wrong and which is right? [1] http://lists.debian.org/debian-security-announce/2009/msg00272.html [2] http://security-tracker.debian.org/tracker/source-package/php-net-ping [3] http://packages.qa.debian.org/p/php-net-ping/news/20091211T220917Z.html [4] http://security-tracker.debian.org/tracker/CVE-2009-4024 -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgp4Relhg9SvO.pgp
Description: PGP signature