[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing package in Debian Security Tracker site

Hi Bonaccorso,

Thank you for the quick reply.

Will this happen for all the DSAs with partial CVEs for a distro?

Is there any other limitations to the tracker site?

By the way, is there a DSA index page for the tracker site?


On Oct 13, 2015 5:41 PM, "Salvatore Bonaccorso" <carnil@debian.org> wrote:

On Tue, Oct 13, 2015 at 05:08:39PM +0800, Xiaoguang Bai wrote:
> Hi,
> For DSA-3348-1, the information in following 2 sources does not match. The
> security tracker site does not show the fixed package/version for wheezy.
> https://lists.debian.org/debian-security-announce/2015/msg00247.html
> https://security-tracker.debian.org/tracker/DSA-3348-1
> Actually, I have noticed quite a few of differences between the DSA mailing
> list and this tracker site. Should they match each other? May I know what
> might be the reason if they are different?

This is sort of current limitation for the security-tracker when you
have not overlapping fixing versions. The free text form explains that
only two CVEs affect wheezy. If you then check the CVEs explicitly,
say CVE-2015-5165:


this has the correct information (which cannot be displayed correctly
for DSA-3348-1 overview page regarding the versions).


Reply to: