On Sat, 10 Dec 2011 12:22:31 +0100 Francesco Poli (wintermute) wrote: [...] > It seems to me that the tracker page [1] for DSA-2362-1 [2] misses > the epoch in the squeeze fixed version (which should be 1:2.0.7-1squeeze3 > rather than 2.0.7-1squeeze3). This first issue seems to have been (silently) fixed by someone. Thanks to that someone! > > Moreover, the DSA [2] says that CVE-2011-2777 does not affect oldstable, > but the tracker [3] seems to disagree. This second issue seems to still hold, though. [...] > > [1] http://security-tracker.debian.org/tracker/DSA-2362-1 > [2] http://lists.debian.org/debian-security-announce/2011/msg00240.html > [3] http://security-tracker.debian.org/tracker/CVE-2011-2777 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpSulz883wdn.pgp
Description: PGP signature