Bug#784436: security-tracker: contradictory status information on security-tracker.debian.org
Package: security-tracker
Severity: normal
On https://security-tracker.debian.org/tracker/CVE-2014-3660 I can see:
Release Version Status
jessie 2.9.1+dfsg1-5 fixed
stretch 2.9.1+dfsg1-5 vulnerable
i.e. the same version of the package is listed both as fixed and
vulnerable! According to bug 765722, it should be fixed.
This is very confusing for the user who wants to know whether some
installed package is vulnerable or not.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Reply to: