Your message dated Sun, 8 Feb 2015 13:02:53 +0100 with message-id <20150208120253.GA23743@eldamar.local> and subject line Re: Bug#777454: security-tracker: DSA-3155-1 vs. tracker has caused the Debian Bug report #777454, regarding security-tracker: DSA-3155-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 777454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777454 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: security-tracker: DSA-3155-1 vs. tracker
- From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>
- Date: Sun, 08 Feb 2015 12:24:54 +0100
- Message-id: <[🔎] 20150208112454.5782.59087.reportbug@homebrew>
Package: security-tracker Severity: normal Hello everybody, there seems to be something weird going on. The tracker page [1] for DSA-3155-1 [2] looks OK: it states that the vulnerabilities are fixed in wheezy by postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself). On the other hand, the CVE tracker pages [3][4][5][6], despite being linked to DSA-3155-1, disagree with it, claiming that wheezy is still vulnerable. I thought that this was not even possible in the tracker! Apparently I was wrong... What did I fail to understand? Please fix the tracker data. Thanks for your time! [1] https://security-tracker.debian.org/tracker/DSA-3155-1 [2] https://lists.debian.org/debian-security-announce/2015/msg00038.html [3] https://security-tracker.debian.org/tracker/CVE-2014-8161 [4] https://security-tracker.debian.org/tracker/CVE-2015-0241 [5] https://security-tracker.debian.org/tracker/CVE-2015-0243 [6] https://security-tracker.debian.org/tracker/CVE-2015-0244
--- End Message ---
--- Begin Message ---
- To: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 777454-done@bugs.debian.org
- Subject: Re: Bug#777454: security-tracker: DSA-3155-1 vs. tracker
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sun, 8 Feb 2015 13:02:53 +0100
- Message-id: <20150208120253.GA23743@eldamar.local>
- In-reply-to: <[🔎] 20150208112454.5782.59087.reportbug@homebrew>
- References: <[🔎] 20150208112454.5782.59087.reportbug@homebrew>
Hi, On Sun, Feb 08, 2015 at 12:24:54PM +0100, Francesco Poli (wintermute) wrote: > Package: security-tracker > Severity: normal > > Hello everybody, > there seems to be something weird going on. > > The tracker page [1] for DSA-3155-1 [2] looks OK: it states > that the vulnerabilities are fixed in wheezy by > postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself). > > On the other hand, the CVE tracker pages [3][4][5][6], despite > being linked to DSA-3155-1, disagree with it, claiming that wheezy > is still vulnerable. > > I thought that this was not even possible in the tracker! > Apparently I was wrong... > What did I fail to understand? We added a workaround to display postgresql-9.1 as unfixed in wheezy-security while a DSA was not yet released. This should be fixed by now. Regards, Salvatore
--- End Message ---