Bug#655960: security-tracker: DSA-2388-1 vs. tracker

To: 655960@bugs.debian.org
Subject: Bug#655960: security-tracker: DSA-2388-1 vs. tracker
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sun, 15 Jan 2012 09:24:25 -0500
Message-id: <[🔎] CANTw=MMDdrnmHyffoy3_ms6KWf4=jawYWfJUyqJ6+qdmCY6FSg@mail.gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 655960@bugs.debian.org
In-reply-to: <[🔎] 1326631370.4782.28.camel@scapa>
References: <[🔎] 20120115115354.7889.27573.reportbug@homebrew> <[🔎] 1326631370.4782.28.camel@scapa>

On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez  wrote:
> On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
>> Package: security-tracker
>> Severity: normal
>>
>> Hi!
>>
>> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
>> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
>> vulnerable in wheezy and sid, while the DSA [2] claims that all the
>> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
>>
>> Assuming that the DSA is right and the tracker is wrong, please
>> fix this inconsistency.
>>
>> Thanks for your time!
>
> You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and
> 2010-2642, for some reason. I'm gonna prepare another NMU and an errata
> for the DSA.

You shouldn't need to send another announcement for a minor correction
like this.  Correcting it in the tracker is sufficient.

Mike

Reply to:

References:
- Bug#655960: security-tracker: DSA-2388-1 vs. tracker
  - From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>
- Bug#655960: security-tracker: DSA-2388-1 vs. tracker
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: Bug#655960: security-tracker: DSA-2388-1 vs. tracker
Next by Date: Bug#655960: marked as done (security-tracker: DSA-2388-1 vs. tracker)
Previous by thread: Bug#655960: security-tracker: DSA-2388-1 vs. tracker
Next by thread: Bug#655960: marked as done (security-tracker: DSA-2388-1 vs. tracker)
Index(es):
- Date
- Thread