Re: CVE-2013-0240 misreported as fixed in experimental

To: Simon McVittie <smcv@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2013-0240 misreported as fixed in experimental
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 08 Feb 2013 21:28:02 +0100
Message-id: <[🔎] 87obfu7dpp.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 51127416.8010508@debian.org> (Simon McVittie's message of "Wed, 06 Feb 2013 15:17:42 +0000")
References: <[🔎] 51127416.8010508@debian.org>

* Simon McVittie:

> https://security-tracker.debian.org/tracker/CVE-2013-0240 says:
>
> gnome-online-accounts wheezy       3.4.2-1 vulnerable
>                       sid          3.4.2-2 fixed
>                       experimental 3.6.1-1 fixed
>
> but the bug is not fixed in experimental, and the BTS' version-tracking
> knows that:

Good point.  We shouldn't have experimental in the tracker because it
doesn't work—in general, the fixed versions from unstable cannot be
applied there.

Reply to:

Follow-Ups:
- Re: CVE-2013-0240 misreported as fixed in experimental
  - From: "Thijs Kinkhorst" <thijs@debian.org>

References:
- CVE-2013-0240 misreported as fixed in experimental
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: External check
Next by Date: Bug#700115: security-tracker: DSA-2618-1 vs. tracker
Previous by thread: CVE-2013-0240 misreported as fixed in experimental
Next by thread: Re: CVE-2013-0240 misreported as fixed in experimental
Index(es):
- Date
- Thread