[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#681524: closed by Michael Gilbert <mgilbert@debian.org> (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)

On Tue, Jul 17, 2012 at 2:33 PM, Henri Salo wrote:
> I added that information to tracker as I received misinformation from one of the package maintainers. I will fix it today. CVE-2012-3408 hasn't been fixed in Debian versions. You should also read http://puppetlabs.com/security/cve/cve-2012-3408/ and sorry for confusion.

Data entered into the tracker needs to be reliable.  If you have not
personally checked CVE references for each individual issue against
the patches present in the tracker, then you cannot claim that the
problem has been fixed.

Leave those issues <unfixed> until someone who is willing to do the
appropriate research has time to review the issue.

Otherwise we're leaving issues unfixed and fooling ourselves into
thinking they are fixed, which is just so incredibly wrong.

Best wishes,
Mike
Reply to: