Re: DSA-2273-1 vs. tracker

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: Re: DSA-2273-1 vs. tracker
From: Francesco Poli <invernomuto@paranoici.org>
Date: Sat, 9 Jul 2011 19:15:04 +0200
Message-id: <[🔎] 20110709191504.65970580.invernomuto@paranoici.org>
In-reply-to: <[🔎] 20110707190007.8de9a9bf.invernomuto@paranoici.org>
References: <[🔎] 20110707190007.8de9a9bf.invernomuto@paranoici.org>

On Thu, 7 Jul 2011 19:00:07 +0200 Francesco Poli wrote:

[...]
> The tracker seems to be still unaware [1] of DSA-2273-1 [2].
> Please update the tracker data!

Thanks for updating the tracker data, but...
...there's still something that does not look right to me.

The DSA [2] claims that all the referenced CVE ids are fixed in sid by
icedove/3.1.11-1 .
However, the tracker (see links from [1]) considers
CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, and CVE-2011-2363
as still unfixed in icedove/3.1.11-1 ...

> 
> [1] http://security-tracker.debian.org/tracker/DSA-2273-1
> [2] http://lists.debian.org/debian-security-announce/2011/msg00145.html

What's wrong?
Is the DSA [2] incorrect about sid, or is the tracker data incomplete?

Please clarify.

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpBugzISRXA6.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DSA-2273-1 vs. tracker
  - From: Francesco Poli <invernomuto@paranoici.org>

References:
- DSA-2273-1 vs. tracker
  - From: Francesco Poli <invernomuto@paranoici.org>

Prev by Date: DSA-2273-1 vs. tracker
Next by Date: DSA-2274-1 vs. tracker
Previous by thread: DSA-2273-1 vs. tracker
Next by thread: Re: DSA-2273-1 vs. tracker
Index(es):
- Date
- Thread