On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote: > On Sun, 04 Dec 2011 12:19:46 +0100 Francesco Poli (wintermute) wrote: > > [...] > > Hi! > > It seems to me that the tracker page [1] for DSA-2357-1 [2] is > > fairly incomplete. > [...] > > [1] http://security-tracker.debian.org/tracker/DSA-2357-1 > > [2] http://lists.debian.org/debian-security-announce/2011/msg00235.html > > The situation has improved significantly since I reported the > inconsistency. > Thanks a lot to whoever (silently) updated the tracker, if anyone > actually did it. Actually I didn't see your mail, but fixed the issue meanwhile. > > Just to nitpick a little, there's a final detail to fix: the DSA says > that three vulnerabilities (out of four) are already fixed for stable in > evince/2.30.3-2, while only the fourth vulnerability (CVE-2010-2642) is > unfixed in evince/2.30.3-2 and fixed in evince/2.30.3-2+squeeze1 . > There seems to be no trace of this distinction on the tracker. Yeah, and I don't know why, since in the source file the 3 CVEs are marked as fixed by 2.30.3-2. > > Please fix this last detail, if possible. > Again, thanks for your time. > I've requested some help for other team member, will keep you posted. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part