[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA-2233-1 vs. tracker



On Thu, 12 May 2011 22:13:00 +0200 Florian Weimer wrote:

> * Francesco Poli:
> 
> > It seems to me that the DSA-2233-1 tracker page [1] lacks the reference
> > to CVE-2009-2939, which is instead present in the actual DSA [2].
> >
> > Is there a reason for this, or is it just an inconsistency (that should
> > be fixed)?
> 
> CVE-2009-2939 only affects lenny, and we currently lack a way to
> express in a better way.

Can the CVE be associated to the DSA and also have the additional info
that it was fixed for squeeze in a version which is an ancestor of the
squeeze version?



-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpf4egcgmgvE.pgp
Description: PGP signature


Reply to: