On Mon, 05 Dec 2011 13:16:41 +0100 Yves-Alexis Perez wrote: > On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote: [...] > > The situation has improved significantly since I reported the > > inconsistency. > > Thanks a lot to whoever (silently) updated the tracker, if anyone > > actually did it. > > Actually I didn't see your mail, but fixed the issue meanwhile. Great! I love it when bugs get fixed even before a bug report manages to reach the involved people! ;-) > > > > Just to nitpick a little, there's a final detail to fix: the DSA says > > that three vulnerabilities (out of four) are already fixed for stable in > > evince/2.30.3-2, while only the fourth vulnerability (CVE-2010-2642) is > > unfixed in evince/2.30.3-2 and fixed in evince/2.30.3-2+squeeze1 . > > There seems to be no trace of this distinction on the tracker. > > Yeah, and I don't know why, since in the source file the 3 CVEs are > marked as fixed by 2.30.3-2. I am not sure: maybe because it's marked as fixed in "(unstable)" ? An additional entry for the stable fixed version is perhaps needed... > > > > Please fix this last detail, if possible. > > Again, thanks for your time. > > > I've requested some help for other team member, will keep you posted. Good, I hope it's not too tricky to get this thing right! Bye. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpZiKuzxhPNH.pgp
Description: PGP signature