Bug#783800: security-tracker: squeeze-lts/non-free not handled correctly
Package: security-tracker
Severity: important
It looks like that squeeze-lts/non-free is not handled correctly. Have a look at
jruby:
$ rmadison jruby
jruby | 1.5.1-1 | oldoldstable/non-free | source, all
jruby | 1.5.1-1+deb6u1 | buildd-squeeze-lts/non-free | source, all
jruby | 1.5.1-1+deb6u1 | squeeze-lts/non-free | source, all
[...]
Version 1.5.1-1+deb6u1 fixes CVE-2011-4838 and CVE-2012-5370 through
DLA-209-1.
Yet https://security-tracker.debian.org/tracker/source-package/jruby
doesn't show any "squeeze (lts)" or "squeeze/non-free (lts)" column
showing that it's fixed there.
And the JSON output for those CVE pretend that the issue is still
open:
"squeeze": {
"repositories": {
"squeeze": "1.5.1-1"
},
"status": "open",
"urgency": "high**"
},
-- System Information:
Debian Release: 8.0
APT prefers squeeze-lts
APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: