On Thu, 22 Sep 2011 12:31:35 +0200 Nico Golde wrote: [...] > * Francesco Poli <invernomuto@paranoici.org> [2011-09-21 23:45]: [...] > > If I correctly understand what you mean, CVE-2011-2189 is about the > > issue in the Linux kernel, rather than about the issue on vsftpd side. > > > > If this is the case, that explains adequately. > > Exactly. Thanks for confirming. > > > However, I've just noticed another little inconsistency (I am therefore > > reopening the bug report): the DSA claims that the issues are fixed in > > squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page > > [1] says that we should wait for version 2.3.2-3+squeeze3 . > > If this is incorrect, please fix the tracker data. > > Thanks. > > Says 2.3.2-3+squeeze2 and did so since I released the DSA. The DSA tracker page has always had the correct fixed squeeze version, but I'm pretty sure the CVE tracker page used to have +squeeze3 instead of +squeeze2 . Anyway, everything seems to be fine, now. Bye. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgp9iDMTpQzRw.pgp
Description: PGP signature