Bug#784436: security-tracker: contradictory status information on security-tracker.debian.org

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#784436: security-tracker: contradictory status information on security-tracker.debian.org
From: Vincent Lefevre <vincent@vinc17.net>
Date: Wed, 6 May 2015 13:06:07 +0200
Message-id: <[🔎] 20150506110606.GA8912@ypig.lip.ens-lyon.fr>
Reply-to: Vincent Lefevre <vincent@vinc17.net>, 784436@bugs.debian.org

Package: security-tracker
Severity: normal

On https://security-tracker.debian.org/tracker/CVE-2014-3660 I can see:

  Release   Version         Status
  jessie    2.9.1+dfsg1-5   fixed
  stretch   2.9.1+dfsg1-5   vulnerable

i.e. the same version of the package is listed both as fixed and
vulnerable! According to bug 765722, it should be fixed.

This is very confusing for the user who wants to know whether some
installed package is vulnerable or not.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Reply to:

Follow-Ups:
- Bug#784436: marked as done (security-tracker: contradictory status information on security-tracker.debian.org)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: External check
Next by Date: Bug#784436: marked as done (security-tracker: contradictory status information on security-tracker.debian.org)
Previous by thread: DSA candidates
Next by thread: Bug#784436: marked as done (security-tracker: contradictory status information on security-tracker.debian.org)
Index(es):
- Date
- Thread