Bug#700770: marked as done (security-tracker: DSA-2624-1 vs. tracker)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 17 Feb 2013 11:28:34 +0100
with message-id <CAJ0cceajHJfwrQ5dBwYx9cm4vHKLDBactdMooXFd0zkgUnqGzA@mail.gmail.com>
and subject line Re: Bug#700770: security-tracker: DSA-2624-1 vs. tracker
has caused the Debian Bug report #700770,
regarding security-tracker: DSA-2624-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
700770: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700770
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: security-tracker: DSA-2624-1 vs. tracker
• From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>
• Date: Sun, 17 Feb 2013 11:06:15 +0100
• Message-id: <[🔎] 20130217100615.4220.10465.reportbug@homebrew>

Package: security-tracker
Severity: normal

Hello,
DSA-2624-1 [1] states that a number of vulnerabilities have been fixed
for squeeze in ffmpeg/4:0.5.10-1 .
The tracker seems to agree on its corresponding DSA page [2] and
on *some* of the corresponding CVE pages.
However, three vulnerabilities [3][4][5] seem to be still considered
unfixed for squeeze (security).

Is the DSA wrong?
Or is the tracker wrong?

Please clarify, and, in the latter case, please fix the tracker data.

Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2013/msg00029.html
[2] https://security-tracker.debian.org/tracker/DSA-2624-1
[3] https://security-tracker.debian.org/tracker/CVE-2012-2784
[4] https://security-tracker.debian.org/tracker/CVE-2012-2788
[5] https://security-tracker.debian.org/tracker/CVE-2012-2801

--- End Message ---

--- Begin Message ---

• To: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 700770-done@bugs.debian.org
• Subject: Re: Bug#700770: security-tracker: DSA-2624-1 vs. tracker
• From: Reinhard Tartler <siretart@gmail.com>
• Date: Sun, 17 Feb 2013 11:28:34 +0100
• Message-id: <CAJ0cceajHJfwrQ5dBwYx9cm4vHKLDBactdMooXFd0zkgUnqGzA@mail.gmail.com>
• In-reply-to: <[🔎] 20130217100615.4220.10465.reportbug@homebrew>
• References: <[🔎] 20130217100615.4220.10465.reportbug@homebrew>

On Sun, Feb 17, 2013 at 11:06 AM, Francesco Poli (wintermute)
<invernomuto@paranoici.org> wrote:
> Package: security-tracker
> Severity: normal
>
> Hello,
> DSA-2624-1 [1] states that a number of vulnerabilities have been fixed
> for squeeze in ffmpeg/4:0.5.10-1 .
> The tracker seems to agree on its corresponding DSA page [2] and
> on *some* of the corresponding CVE pages.
> However, three vulnerabilities [3][4][5] seem to be still considered
> unfixed for squeeze (security).
>
> Is the DSA wrong?
> Or is the tracker wrong?
>
> Please clarify, and, in the latter case, please fix the tracker data.
>
> Thanks for your time!
>
> [1] https://lists.debian.org/debian-security-announce/2013/msg00029.html
> [2] https://security-tracker.debian.org/tracker/DSA-2624-1
> [3] https://security-tracker.debian.org/tracker/CVE-2012-2784
> [4] https://security-tracker.debian.org/tracker/CVE-2012-2788
> [5] https://security-tracker.debian.org/tracker/CVE-2012-2801

Thanks for spotting the issue, I have just updated the tracker data in
commit r21309 and r21310. If there are further inconsistencies, please
reopen this bug and CC me directly.

Cheers,
Reinhard.

-- 
regards,
    Reinhard

--- End Message ---