Removed conflicting data from the tracker
In preparation of some refactoring work I'm doing on the tracker code,
I've removed conflicting data from it. (The new checker is more
strict.)
The largest part of the diff concerns <no-dsa> annotations for Sun
Java (due to its non-freeness). The other larger set of discrepancies
is related to cups/cupsys and the move from internal xpdf code to an
external dependency.
I tried to resolve the remaining ambiguities as best as I could, and I
reproduce them below for comments.
CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, ...)
- python2.5 2.5.2-11.1
[etch] - python2.5 <no-dsa> (Minor issue)
- - python2.4 2.4.6-1 (bug #507317)
[etch] - python2.4 <no-dsa> (Minor issue)
- - python2.4 2.4.5-6 (low; bug #504620)
+ - python2.4 2.4.5-6 (low; bug #507317; bug #504620)
NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...)
{DSA-1413-1}
- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
- [sarge] - mysql-dfsg <not-affected> (Not affected, test case doesn't crash the daemon)
+ NOTE: [sarge] Not affected, test case doesn't crash the daemon
Reply to: