On Mon, 30 Mar 2009 18:18:53 -0400 Michael S. Gilbert wrote: > On Mon, 30 Mar 2009 23:46:10 +0200, Francesco Poli wrote: > > > Hi. > > > > DSA-1756-1 and DSA-1757-1 have been recently issued, but no > > corresponding tracker page is present yet. > > What happened to the automatic creation of DSA tracker pages? > > this is a good question. what triggers generation of these pages? i > noticed that the DSAs that i just added did not get tracker pages > automatically (for example, > http://security-tracker.debian.net/tracker/DSA-1605). I can confirm that the following previously missing DSAs are now correctly tracked: DSA-1756-1, DSA-1757-1, DSA-1759-1, and DSA-1760-1. Did you manually insert the data, or was the automatic DSA tracker page creation reactivated? > > > Moreover, DSA-1755-1 was issued some days ago, explaining > > CVE-2009-0784, which is however still marked as RESERVED on the > > tracker: I cannot understand what's reserved about something that has > > already been disclosed in a DSA... > > CVE descriptions are pulled in automatically from the mitre database. > there can be a delay between disclosure and when they do their updates, > which causes issues such as seen here. regardless, this can be updated > manually, and i will do so. I can confirm that DSA-1755-1 now seems to be correctly tracked (except for etch status: the DSA claims that etch is not affected, but the tracker says that etch is vulnerable...). On the other hand, DSA-1758-1 refers to a CVE still marked as RESERVED and hence reports incomplete information about vulnerable and fixed versions. P.S.: thanks for taking care of the reported inconsistencies! -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpyZnHTXqYGl.pgp
Description: PGP signature