[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)



reopen 642259 =
thanks


On Wed, 21 Sep 2011 21:27:39 +0200 Nico Golde wrote:

> Hi,
> * Francesco Poli <invernomuto@paranoici.org> [2011-09-21 19:07]:
[...]
> > Why did you add only a note, rather than an actual reference to
> > CVE-2011-2189 ?
> 
> Because technically vsftpd would need its own CVE id (which it will not get 
> though).

If I correctly understand what you mean, CVE-2011-2189 is about the
issue in the Linux kernel, rather than about the issue on vsftpd side.

If this is the case, that explains adequately.
Thanks.


However, I've just noticed another little inconsistency (I am therefore
reopening the bug report): the DSA claims that the issues are fixed in
squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page
[1] says that we should wait for version 2.3.2-3+squeeze3 .
If this is incorrect, please fix the tracker data.
Thanks.


[1] http://security-tracker.debian.org/tracker/CVE-2011-0762

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpk_gM5gg_oL.pgp
Description: PGP signature


Reply to: