On Sun, 19 Apr 2009 18:36:45 -0400 Michael S. Gilbert wrote: > On Fri, 17 Apr 2009 22:14:24 +0200 Francesco Poli wrote: [...] > > I think it would be useful to mark the CVE-less vulnerability as fixed, > > as well, maybe by referring to a TEMP, which will later be converted > > into a CVE... > > there are some issues with the tracker update scripts where the DSA > links are being removed from non-numbered CVEs. this has yet to be > addressed (i.e. the script needs to be made to be more intelligent about > this type of case). i'll see if i can find the time to work on it. Ah, so this is a limitation of the current tracker infrastructure. I wasn't aware of this issue: I hope it can be addressed in a reasonable time frame. Thank you very much for volunteering to work on it! :-) [...] > > On the other hand, the CVE tracker pages [3][4] also claim > > that squeeze is fixed, even though it still has version 0.94.dfsg.2-1. > > Is this good news, or just a mistake on the tracker? > > the data was misentered in the tracker. fixed. Thanks indeed, the fixed/vulnerable version information now seems to be consistent with the DSA! Bye. -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpTuzsdYzFCJ.pgp
Description: PGP signature