DSA-2076-1 vs. tracker

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: DSA-2076-1 vs. tracker
From: Francesco Poli <frx@firenze.linux.it>
Date: Wed, 28 Jul 2010 22:08:47 +0200
Message-id: <20100728220847.bb44781b.frx@firenze.linux.it>

Hello everyone!

It seems to me that the tracker page [1] for CVE-2010-2547 (referenced
from the tracker page [2] for DSA-2076-1 [3]) lacks something.

The DSA claims that the vulnerability has been fixed in version
2.0.14-2 for unstable.
Hence, taking into account that the QA page [4] states that testing
still has version 2.0.14-1.1 , I would conclude that testing is still
vulnerable.

However, the CVE tracker page [1] claims that both testing and unstable
are "not known to be vulnerable".

Please fix this inconsistency.


[1] http://security-tracker.debian.org/tracker/CVE-2010-2547
[2] http://security-tracker.debian.org/tracker/DSA-2076-1
[3] http://lists.debian.org/debian-security-announce/2010/msg00121.html
[4] http://packages.qa.debian.org/g/gnupg2.html

-- 
 http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html
 Need some pdebuild hook scripts?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpKMgM60Sjvz.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-2076-1 vs. tracker
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Re: DSA-2022-1 / CVE-identifiers
Next by Date: Re: DSA-2022-1 / CVE-identifiers
Previous by thread: Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)
Next by thread: Re: DSA-2076-1 vs. tracker
Index(es):
- Date
- Thread