Re: DSAs really missing from the tracker
On Wed, 1 Apr 2009 20:03:18 +0200, Francesco Poli wrote:
> I can confirm that DSA-1755-1 now seems to be correctly tracked (except
> for etch status: the DSA claims that etch is not affected, but the
> tracker says that etch is vulnerable...).
fixed.
> On the other hand, DSA-1758-1 refers to a CVE still marked as RESERVED
> and hence reports incomplete information about vulnerable and fixed
> versions.
like i said, this gets pulled in automatically from the Mitre database,
and there really isn't anything debian can do about their tardiness.
should debian switch to the NVD feeds [1], which seem to get updated in
a much more timely and consistent manner? from what i've seen, NVD
pages and feeds actually get updated on the planned disclosure date,
rather than a week or more later for Mitre.
apropos, this has been a primary complaint of mine for a while now. it
takes debian much too long to start working on issues after they have
been initially disclosed. switching to NVD would go a long way toward
addressing this problem.
[1] http://nvd.nist.gov/download.cfm#CVE_FEED