[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DSA-2268-1 vs. tracker

Hello everybody,
there's something I cannot quite understand about DSA-2268-1 [1].
It says that several CVE ids are fixed in iceweasel/3.5.16-9 for stable.
However I cannot find any trace of that version on the PTS [2], or on
security.d.o [3].

What's wrong?
Where did the upload go?
Is the upload for stable-security still in preparation?

Another issue, though a minor one, is that the DSA [1] lists
CVE-2011-2365 as one of the addressed vulnerabilities, but fails to
include a description for that CVE id.
The tracker page [4] refers to that CVE id as well, and indeed it seems
that this CVE id is about iceweasel.
If this CVE id is really fixed by DSA-2268-1, then I think that the
tracker is consistent with the DSA.
Otherwise, please fix the tracker data.

[1] http://lists.debian.org/debian-security-announce/2011/msg00139.html
[2] http://packages.qa.debian.org/i/iceweasel.html
[3] http://security.debian.org/debian-security/pool/updates/main/i/iceweasel/
[4] http://security-tracker.debian.org/tracker/DSA-2268-1

 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpbnLDxIL39b.pgp
Description: PGP signature

Reply to: