[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing package in Debian Security Tracker site

Hi

On Tue, Oct 13, 2015 at 05:08:39PM +0800, Xiaoguang Bai wrote:
> Hi,
> 
> For DSA-3348-1, the information in following 2 sources does not match. The
> security tracker site does not show the fixed package/version for wheezy.
> 
> https://lists.debian.org/debian-security-announce/2015/msg00247.html
> https://security-tracker.debian.org/tracker/DSA-3348-1
> 
> 
> Actually, I have noticed quite a few of differences between the DSA mailing
> list and this tracker site. Should they match each other? May I know what
> might be the reason if they are different?

This is sort of current limitation for the security-tracker when you
have not overlapping fixing versions. The free text form explains that
only two CVEs affect wheezy. If you then check the CVEs explicitly,
say CVE-2015-5165:

https://security-tracker.debian.org/CVE-2015-5165

this has the correct information (which cannot be displayed correctly
for DSA-3348-1 overview page regarding the versions).

Regards,
Salvatore
Reply to: