Re: DSA-2000-1 vs. tracker

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: Re: DSA-2000-1 vs. tracker
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Thu, 18 Feb 2010 22:40:31 -0500
Message-id: <[🔎] 20100218224031.234edddb.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 20100219005340.0f526ba2.frx@firenze.linux.it>
References: <[🔎] 20100219005340.0f526ba2.frx@firenze.linux.it>

On Fri, 19 Feb 2010 00:53:40 +0100 Francesco Poli wrote:

> Hi again!
> 
> It seems to me that DSA-2000-1 [1] is affected by a similar problem as
> DSA-1999-1.
> 
> The DSA claims that nine vulnerabilities are fixed in version 4:0.5
> +svn20090706-5 for sid, but the CVE tracker pages (linked from the DSA
> tracker page [2]) disagree.
> Please update the tracker, if needed.

the maintainer commited a bunch of patches in -3, and stated that the
issues were fixed, but i can't find enough info to verify this yet, so
i would not be confident in changing the tracking.

if someone had the inclinatation, they could test the 73 proof of
concepts and report back whether all of them fail with the new version.

mike

Reply to:

Follow-Ups:
- Re: DSA-2000-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- DSA-2000-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Re: DSA-1999-1 vs. tracker
Next by Date: Re: DSA-1999-1 vs. tracker
Previous by thread: DSA-2000-1 vs. tracker
Next by thread: Re: DSA-2000-1 vs. tracker
Index(es):
- Date
- Thread