Hi all! There's something I cannot understand about the tracker data for DSA-2168-1 [1]. The CVE tracker pages [2][3] do not have any per-release summary. I mean that there's no table like Debian/oldstable package P is vulnerable. Debian/stable package P is vulnerable. Debian/testing package P is vulnerable. Debian/unstable not vulnerable. And there's no data about the fixed version for sid: in other words, the tracker seems to be unaware that openafs/1.4.14+dfsg-1 fixes the two CVEs in sid. What's wrong? [1] http://lists.debian.org/debian-security-announce/2011/msg00034.html [2] http://security-tracker.debian.org/tracker/CVE-2011-0430 [3] http://security-tracker.debian.org/tracker/CVE-2011-0431 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgp4MhMFUAYPG.pgp
Description: PGP signature