
Bug#761963: security-tracker: consolidate vulnerable/fixed per release in overviews



On Wed, Sep 17, 2014 at 09:10:39AM +0000, Thijs Kinkhorst wrote:
> Package: security-tracker
> Severity: wishlist
> 
> Hi,
> 
> In the overview per-package, the tracker currently shows for each CVE
> name about seven columns: squeeze, squeeze-security, squeeze-lts, wheezy, wheezy-security, jessie, sid.
> 
> I think for the overviews it would be preferable if the table just shows the status for each release ('squeeze', 'wheezy' (or maybe even 'oldstable','stable')) etc overall, that is, 'wheezy' will show fixed if an issue is fixed in wheezy-security. I believe that this represents best how people think about an issue being fixed.
> 
> For an individual CVE page, I think the same would go for the overview on the top (this currently shows only "Debian/stable" for all wheezy suites but confusingly shows "vulnerable" if it's fixed in wheezy-security).
> 
> The detailed info about the exact suites can remain to be found in the table under "Vulnerable and fixed packages" on the CVE page.

Full ack. This is especially bad for Squeeze, which no longer has point
updates, so e.g. https://security-tracker.debian.org/tracker/source-package/php5
shows many issues which are marked as open because they are "only fixed in squeeze-lts".

Cheers,
        Moritz

