[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#777454: marked as done (security-tracker: DSA-3155-1 vs. tracker)



Your message dated Sun, 8 Feb 2015 13:02:53 +0100
with message-id <20150208120253.GA23743@eldamar.local>
and subject line Re: Bug#777454: security-tracker: DSA-3155-1 vs. tracker
has caused the Debian Bug report #777454,
regarding security-tracker: DSA-3155-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
777454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777454
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: security-tracker
Severity: normal

Hello everybody,
there seems to be something weird going on.

The tracker page [1] for DSA-3155-1 [2] looks OK: it states
that the vulnerabilities are fixed in wheezy by
postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself).

On the other hand, the CVE tracker pages [3][4][5][6], despite
being linked to DSA-3155-1, disagree with it, claiming that wheezy
is still vulnerable.

I thought that this was not even possible in the tracker!
Apparently I was wrong...
What did I fail to understand?

Please fix the tracker data.
Thanks for your time!

[1] https://security-tracker.debian.org/tracker/DSA-3155-1
[2] https://lists.debian.org/debian-security-announce/2015/msg00038.html
[3] https://security-tracker.debian.org/tracker/CVE-2014-8161
[4] https://security-tracker.debian.org/tracker/CVE-2015-0241
[5] https://security-tracker.debian.org/tracker/CVE-2015-0243
[6] https://security-tracker.debian.org/tracker/CVE-2015-0244

--- End Message ---
--- Begin Message ---
Hi,

On Sun, Feb 08, 2015 at 12:24:54PM +0100, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> 
> Hello everybody,
> there seems to be something weird going on.
> 
> The tracker page [1] for DSA-3155-1 [2] looks OK: it states
> that the vulnerabilities are fixed in wheezy by
> postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself).
> 
> On the other hand, the CVE tracker pages [3][4][5][6], despite
> being linked to DSA-3155-1, disagree with it, claiming that wheezy
> is still vulnerable.
> 
> I thought that this was not even possible in the tracker!
> Apparently I was wrong...
> What did I fail to understand?

We added a workaround to display postgresql-9.1 as unfixed in
wheezy-security while a DSA was not yet released. This should be fixed
by now.

Regards,
Salvatore

--- End Message ---

Reply to: