Hi Bonaccorso,
Thank you for the quick reply.
Will this happen for all the DSAs with partial CVEs for a distro?
Is there any other limitations to the tracker site?
By the way, is there a DSA index page for the tracker site?
Regards,
Xiaoguang
Hi
On Tue, Oct 13, 2015 at 05:08:39PM +0800, Xiaoguang Bai wrote:
> Hi,
>
> For DSA-3348-1, the information in following 2 sources does not match. The
> security tracker site does not show the fixed package/version for wheezy.
>
> https://lists.debian.org/debian-security-announce/2015/msg00247.html
> https://security-tracker.debian.org/tracker/DSA-3348-1
>
>
> Actually, I have noticed quite a few of differences between the DSA mailing
> list and this tracker site. Should they match each other? May I know what
> might be the reason if they are different?
This is sort of current limitation for the security-tracker when you
have not overlapping fixing versions. The free text form explains that
only two CVEs affect wheezy. If you then check the CVEs explicitly,
say CVE-2015-5165:
https://security-tracker.debian.org/CVE-2015-5165
this has the correct information (which cannot be displayed correctly
for DSA-3348-1 overview page regarding the versions).
Regards,
Salvatore