* Francesco Poli: > It seems to me that the DSA-2233-1 tracker page [1] lacks the reference > to CVE-2009-2939, which is instead present in the actual DSA [2]. > > Is there a reason for this, or is it just an inconsistency (that should > be fixed)? CVE-2009-2939 only affects lenny, and we currently lack a way to express in a better way.