On jeu., 2010-08-05 at 21:51 -0400, Raphael Geissert wrote: > Hi, > > Yves-Alexis Perez wrote: > > #584183 is marked as fixed in version 0.96.1+dfsg-1~volatile1 (the one > > in lenny volatile) but the tracker doesn't see it, so debsecan thinks > > the package is vulnerable. Could that version be marked as “fixed”? > > No, neither the tracker nor the stable or testing security teams support > volatile. The real reason is the technical limitation, but we can not even > do it for backports (where somebody was said to work on security support > there.) Hmhm, but debsecan correctly ignore issues fixed in backports, in that case, afair. One example is http://security-tracker.debian.org/tracker/CVE-2010-0464 which is vulnerable in lenny and fixed in backports. Cheers, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part