
Re: DSA vs tracker: is CVE-2008-5814 fixed in unstable?



On Sat, 9 May 2009 17:31:11 +0200 Francesco Poli wrote:
> Hi everyone!
> 
> DSA-1789-1 [1] claims that all the mentioned CVEs are fixed in
> php5/5.2.9.dfsg.1-1 for sid.
> All tracker pages for the mentioned CVEs seem to be consistent, except
> for the one for CVE-2008-5814 [2], which claims that sid is still
> vulnerable.
> 
> [1] http://lists.debian.org/debian-security-announce/2009/msg00100.html
> [2] http://security-tracker.debian.net/tracker/CVE-2008-5814
> 
> Now the question is: is CVE-2008-5814 really fixed in
> php5/5.2.9.dfsg.1-1 ?
> If this is the case, the tracker seems to be inconsistent.
> 
> Please clarify and/or fix the inconsistency.

hi,

thanks for pointing out the inconsistency.  this is not yet fixed in
the sid version.  it has been added to the sid php5 git repo and is
currently pending to be uploaded, but has not happened yet.  in fact
CVE-2009-0754 should have the same status; which i've just fixed.

security team,

should the DSA announcement be reissued to correct/clarify?

mike

