On lun., 2012-07-02 at 22:50 +0200, Francesco Poli wrote: > Hello everybody, > there's something unclear to me. > > DSA-2505-1 [1] states that CVE-2012-3363 is fixed in unstable by > zendframework/1.11.12-1 and the tracker seems to agree [2]. > > [1] https://lists.debian.org/debian-security-announce/2012/msg00145.html > [2] http://security-tracker.debian.org/tracker/CVE-2012-3363 > > Good, but... where in the world is zendframework/1.11.12-1 ? > > The DSA was issued on last Friday. > Nonetheless, it seems that zendframework/1.11.12-1 has not yet > materialized: > > $ rmadison zendframework > zendframework | 1.10.6-1 | squeeze | source, all > zendframework | 1.10.6-1squeeze1 | squeeze-p-u | source, all > zendframework | 1.10.6-1squeeze1 | squeeze-security | source, all > zendframework | 1.11.11-1 | wheezy | source, all > zendframework | 1.11.11-1 | sid | source, all > > Adding Frank Habermann to CC: since he's the uploader :) It seems that there were issues in the upload queue at the time he did the upload for stable, not sure what the status is now. Frank, any idea? Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part