package: security-tracker severity: important x-debbugs-cc: debian-lts@lists.debian.org Hi, the tracker doesnt show issues which are "only" closed in the security or lts subreleases as closed, as for example can be seen on https://security- tracker.debian.org/tracker/source-package/file eg https://security-tracker.debian.org/tracker/CVE-2014-3478 is closed in both wheezy-security as well as squeeze-lts, yet the /tracker/source-package/file lists it as open. (There pages like https://security-tracker.debian.org/tracker/CVE-2014-3478 also are less clean, but at least they contain the right info visibly, just a bit scrambled.) I believe the bug is in getBugsForSourcePackage() in lib/python/security_db.py but I couldn't yet wrap my head around it properly to fix it. There seem to be several functions (in security_db.py) which only deal with the releases (sid, jessie, wheezy, squeeze) but not the subreleases (security, lts). I'd be happy to discuss this issue and possible strategies to fix it in either #debian-security or #debian-lts cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.