Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)

To: 681524@bugs.debian.org, Francesco Poli <invernomuto@paranoici.org>
Subject: Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
From: Henri Salo <henri@nerv.fi>
Date: Tue, 17 Jul 2012 21:33:39 +0300
Message-id: <[🔎] 20120717183339.GA5188@kludge.henri.nerv.fi>
Reply-to: Henri Salo <henri@nerv.fi>, 681524@bugs.debian.org
In-reply-to: <[🔎] 20120717184940.ed5778cc563199e81b3a1c99@paranoici.org>
References: <CANTw=MMioxXHnYcQ373HYp2yrdikQQT2KmpgKCwjhJo=n_DDGw@mail.gmail.com> <[🔎] 20120713212855.6556.74354.reportbug@homebrew> <handler.681524.D681524.134248710420006.notifdone@bugs.debian.org> <[🔎] 20120717184940.ed5778cc563199e81b3a1c99@paranoici.org>

On Tue, Jul 17, 2012 at 06:49:40PM +0200, Francesco Poli wrote:
> On Tue, 17 Jul 2012 01:09:03 +0000 Debian Bug Tracking System wrote:
> 
> > On Fri, Jul 13, 2012 at 5:28 PM, Francesco Poli (wintermute) wrote:
> [...]
> > > DSA-2511-1 [...] says that CVE-2012-386[4-7] are fixed in sid by
> > > puppet/2.7.18-1, but the tracker seems to disagree
> [...]
> > 
> > Tracker data has been corrected.  Thanks!
> > Mike
> 
> Thanks to you.
> 
> But is CVE-2012-3408 also fixed in squeeze (security) and sid?
> The DSA does not mention it and I cannot find it in the changelogs.
> 
> I assume the tracker is right, but it looks strange that CVE-2012-3408
> is associated with DSA-2511-1, while the DSA itself does not mention
> CVE-2012-3408...
> 
> -- 
>  http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
>  New GnuPG key, see the transition document!
> ..................................................... Francesco Poli .
>  GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

I added that information to tracker as I received misinformation from one of the package maintainers. I will fix it today. CVE-2012-3408 hasn't been fixed in Debian versions. You should also read http://puppetlabs.com/security/cve/cve-2012-3408/ and sorry for confusion.

- Henri Salo

Reply to:

Follow-Ups:
- Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
  - From: Michael Gilbert <mgilbert@debian.org>

References:
- Bug#681524: security-tracker: DSA-2511-1 vs. tracker
  - From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>
- Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
  - From: Francesco Poli <invernomuto@paranoici.org>

Prev by Date: Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
Next by Date: Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
Previous by thread: Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
Next by thread: Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)
Index(es):
- Date
- Thread