On Tue, 17 Jul 2012 01:09:03 +0000 Debian Bug Tracking System wrote: > On Fri, Jul 13, 2012 at 5:28 PM, Francesco Poli (wintermute) wrote: [...] > > DSA-2511-1 [...] says that CVE-2012-386[4-7] are fixed in sid by > > puppet/2.7.18-1, but the tracker seems to disagree [...] > > Tracker data has been corrected. Thanks! > Mike Thanks to you. But is CVE-2012-3408 also fixed in squeeze (security) and sid? The DSA does not mention it and I cannot find it in the changelogs. I assume the tracker is right, but it looks strange that CVE-2012-3408 is associated with DSA-2511-1, while the DSA itself does not mention CVE-2012-3408... -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpQfe0xaUZOo.pgp
Description: PGP signature