reopen 642259 = thanks On Wed, 21 Sep 2011 21:27:39 +0200 Nico Golde wrote: > Hi, > * Francesco Poli <invernomuto@paranoici.org> [2011-09-21 19:07]: [...] > > Why did you add only a note, rather than an actual reference to > > CVE-2011-2189 ? > > Because technically vsftpd would need its own CVE id (which it will not get > though). If I correctly understand what you mean, CVE-2011-2189 is about the issue in the Linux kernel, rather than about the issue on vsftpd side. If this is the case, that explains adequately. Thanks. However, I've just noticed another little inconsistency (I am therefore reopening the bug report): the DSA claims that the issues are fixed in squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page [1] says that we should wait for version 2.3.2-3+squeeze3 . If this is incorrect, please fix the tracker data. Thanks. [1] http://security-tracker.debian.org/tracker/CVE-2011-0762 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpk_gM5gg_oL.pgp
Description: PGP signature