Your message dated Sun, 15 Jan 2012 15:41:18 +0100 with message-id <1326638478.4782.38.camel@scapa> and subject line Re: Bug#655960: security-tracker: DSA-2388-1 vs. tracker has caused the Debian Bug report #655960, regarding security-tracker: DSA-2388-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 655960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655960 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: security-tracker: DSA-2388-1 vs. tracker
- From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>
- Date: Sun, 15 Jan 2012 12:53:54 +0100
- Message-id: <[🔎] 20120115115354.7889.27573.reportbug@homebrew>
Package: security-tracker Severity: normal Hi! The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still vulnerable in wheezy and sid, while the DSA [2] claims that all the CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ... Assuming that the DSA is right and the tracker is wrong, please fix this inconsistency. Thanks for your time! [1] http://security-tracker.debian.org/tracker/CVE-2010-2642 [2] http://lists.debian.org/debian-security-announce/2012/msg00011.html [3] http://security-tracker.debian.org/tracker/CVE-2010-2642 [4] http://security-tracker.debian.org/tracker/CVE-2011-0433
--- End Message ---
--- Begin Message ---
- To: Michael Gilbert <michael.s.gilbert@gmail.com>, 655960-done@bugs.debian.org
- Cc: invernomuto@paranoici.org
- Subject: Re: Bug#655960: security-tracker: DSA-2388-1 vs. tracker
- From: Yves-Alexis Perez <corsac@debian.org>
- Date: Sun, 15 Jan 2012 15:41:18 +0100
- Message-id: <1326638478.4782.38.camel@scapa>
- In-reply-to: <[🔎] CANTw=MMDdrnmHyffoy3_ms6KWf4=jawYWfJUyqJ6+qdmCY6FSg@mail.gmail.com>
- References: <[🔎] 20120115115354.7889.27573.reportbug@homebrew> <[🔎] 1326631370.4782.28.camel@scapa> <[🔎] CANTw=MMDdrnmHyffoy3_ms6KWf4=jawYWfJUyqJ6+qdmCY6FSg@mail.gmail.com>
On dim., 2012-01-15 at 09:24 -0500, Michael Gilbert wrote: > On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez wrote: > > On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote: > >> Package: security-tracker > >> Severity: normal > >> > >> Hi! > >> > >> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the > >> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still > >> vulnerable in wheezy and sid, while the DSA [2] claims that all the > >> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ... > >> > >> Assuming that the DSA is right and the tracker is wrong, please > >> fix this inconsistency. > >> > >> Thanks for your time! > > > > You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and > > 2010-2642, for some reason. I'm gonna prepare another NMU and an errata > > for the DSA. > > You shouldn't need to send another announcement for a minor correction > like this. Correcting it in the tracker is sufficient. > Ok, then I'm closing the bug since the tracker is now correct and the package uploaded to sid. Regards, -- Yves-AlexisAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---