Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile

To: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 06 Aug 2010 06:30:02 +0200
Message-id: <[🔎] 1281069002.13127.12.camel@hidalgo>
In-reply-to: <[🔎] 4c5b6aad.c507e60a.1492.093a@mx.google.com>
References: <[🔎] 1280728212.11855.3.camel@hidalgo> <[🔎] 4c5b6aad.c507e60a.1492.093a@mx.google.com>

On jeu., 2010-08-05 at 21:51 -0400, Raphael Geissert wrote:
> Hi,
> 
> Yves-Alexis Perez wrote:
> > #584183 is marked as fixed in version 0.96.1+dfsg-1~volatile1 (the one
> > in lenny volatile) but the tracker doesn't see it, so debsecan thinks
> > the package is vulnerable. Could that version be marked as “fixed”?
> 
> No, neither the tracker nor the stable or testing security teams support 
> volatile. The real reason is the technical limitation, but we can not even 
> do it for backports (where somebody was said to work on security support 
> there.)

Hmhm, but debsecan correctly ignore issues fixed in backports, in that
case, afair. One example is
http://security-tracker.debian.org/tracker/CVE-2010-0464 which is
vulnerable in lenny and fixed in backports.

Cheers,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
Next by Date: kde4libs: CVE-2008-2307: does it affect kde4libs?
Previous by thread: Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
Next by thread: kde4libs: CVE-2008-2307: does it affect kde4libs?
Index(es):
- Date
- Thread