Hello everybody, there's something I cannot quite understand about DSA-2268-1 [1]. It says that several CVE ids are fixed in iceweasel/3.5.16-9 for stable. However I cannot find any trace of that version on the PTS [2], or on security.d.o [3]. What's wrong? Where did the upload go? Is the upload for stable-security still in preparation? Another issue, though a minor one, is that the DSA [1] lists CVE-2011-2365 as one of the addressed vulnerabilities, but fails to include a description for that CVE id. The tracker page [4] refers to that CVE id as well, and indeed it seems that this CVE id is about iceweasel. If this CVE id is really fixed by DSA-2268-1, then I think that the tracker is consistent with the DSA. Otherwise, please fix the tracker data. [1] http://lists.debian.org/debian-security-announce/2011/msg00139.html [2] http://packages.qa.debian.org/i/iceweasel.html [3] http://security.debian.org/debian-security/pool/updates/main/i/iceweasel/ [4] http://security-tracker.debian.org/tracker/DSA-2268-1 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpm6OnP6CBdY.pgp
Description: PGP signature