Your message dated Sun, 05 Aug 2012 15:19:42 +0200 with message-id <1344172782.3878.66.camel@scapa> and subject line Re: Bug#683921: security-tracker: DSA-2519-2 vs. tracker has caused the Debian Bug report #683921, regarding security-tracker: DSA-2519-2 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 683921: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683921 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: security-tracker: DSA-2519-2 vs. tracker
- From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>
- Date: Sun, 05 Aug 2012 14:51:26 +0200
- Message-id: <[🔎] 20120805125126.6203.92101.reportbug@homebrew>
Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. On the other hand, the tracker still seems to consider isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of DSA-2519-2 (the corresponding tracker page [2] still redirects to the one for DSA-2519-1). [2] http://security-tracker.debian.org/tracker/DSA-2519-2 Please update the tracker data. Thanks again for your time!
--- End Message ---
--- Begin Message ---
- To: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 683921-done@bugs.debian.org
- Subject: Re: Bug#683921: security-tracker: DSA-2519-2 vs. tracker
- From: Yves-Alexis Perez <corsac@debian.org>
- Date: Sun, 05 Aug 2012 15:19:42 +0200
- Message-id: <1344172782.3878.66.camel@scapa>
- In-reply-to: <[🔎] 20120805125126.6203.92101.reportbug@homebrew>
- References: <[🔎] 20120805125126.6203.92101.reportbug@homebrew>
On dim., 2012-08-05 at 14:51 +0200, Francesco Poli (wintermute) wrote: > Package: security-tracker > Severity: normal > > Hi! > > DSA-2519-2 has been issued [1], stating that the previously > announced security patches were not really applied to > isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed > in isc-dhcp/4.1.1-P1-15+squeeze6. > > [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html > > Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 > is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, > while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. > > On the other hand, the tracker still seems to consider > isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of > DSA-2519-2 (the corresponding tracker page [2] still redirects > to the one for DSA-2519-1). > > [2] http://security-tracker.debian.org/tracker/DSA-2519-2 > > Please update the tracker data. Tracker data is up to date, although it has not propagated to the website yet (not too sure why). Regards, -- Yves-AlexisAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---