Hello #debian-security. I have a couple of questions
regarding the security-tracker and how it displays information. For example: http://security-tracker.debian.org/tracker/CVE-2006-4925 When it says not known to be vulnerable in the top portion
of a page, but the lower portion status is listed as vulnerable - which do I
believe? I can't seem to find any other data on this particular issue from
debian based sites. I have a conference call this afternoon with an auditor and
am reluctant to tell him it's unimportant because Debian says so on their site
:) I'd like some supporting documentation that this is not something PCI non-compliance
should be based on. Thank you, Alicia Smith |