Re: DSA-2233-1 vs. tracker

To: debian-security-tracker@lists.debian.org
Subject: Re: DSA-2233-1 vs. tracker
From: Francesco Poli <invernomuto@paranoici.org>
Date: Fri, 13 May 2011 00:25:47 +0200
Message-id: <[🔎] 20110513002547.596c234a.invernomuto@paranoici.org>
In-reply-to: <[🔎] 87ei43n0dv.fsf@mid.deneb.enyo.de>
References: <[🔎] 20110511190053.9c8eb23b.invernomuto@paranoici.org> <[🔎] 87ei43n0dv.fsf@mid.deneb.enyo.de>

On Thu, 12 May 2011 22:13:00 +0200 Florian Weimer wrote:

> * Francesco Poli:
> 
> > It seems to me that the DSA-2233-1 tracker page [1] lacks the reference
> > to CVE-2009-2939, which is instead present in the actual DSA [2].
> >
> > Is there a reason for this, or is it just an inconsistency (that should
> > be fixed)?
> 
> CVE-2009-2939 only affects lenny, and we currently lack a way to
> express in a better way.

Can the CVE be associated to the DSA and also have the additional info
that it was fixed for squeeze in a version which is an ancestor of the
squeeze version?



-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpYfJNDFMuuW.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-2233-1 vs. tracker
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: DSA-2233-1 vs. tracker
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- DSA-2233-1 vs. tracker
  - From: Francesco Poli <invernomuto@paranoici.org>
- Re: DSA-2233-1 vs. tracker
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: DSA-2233-1 vs. tracker
Next by Date: Re: DSA-2233-1 vs. tracker
Previous by thread: Re: DSA-2233-1 vs. tracker
Next by thread: Re: DSA-2233-1 vs. tracker
Index(es):
- Date
- Thread