Hello everyone! It seems to me that the tracker page [1] for CVE-2010-2547 (referenced from the tracker page [2] for DSA-2076-1 [3]) lacks something. The DSA claims that the vulnerability has been fixed in version 2.0.14-2 for unstable. Hence, taking into account that the QA page [4] states that testing still has version 2.0.14-1.1 , I would conclude that testing is still vulnerable. However, the CVE tracker page [1] claims that both testing and unstable are "not known to be vulnerable". Please fix this inconsistency. [1] http://security-tracker.debian.org/tracker/CVE-2010-2547 [2] http://security-tracker.debian.org/tracker/DSA-2076-1 [3] http://lists.debian.org/debian-security-announce/2010/msg00121.html [4] http://packages.qa.debian.org/g/gnupg2.html -- http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html Need some pdebuild hook scripts? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpKMgM60Sjvz.pgp
Description: PGP signature