Bug#783800: security-tracker: squeeze-lts/non-free not handled correctly

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#783800: security-tracker: squeeze-lts/non-free not handled correctly
From: Raphaël Hertzog <hertzog@debian.org>
Date: Thu, 30 Apr 2015 11:23:26 +0200
Message-id: <[🔎] 20150430092326.31566.75463.reportbug@x230-buxy.home.ouaza.com>
Reply-to: Raphaël Hertzog <hertzog@debian.org>, 783800@bugs.debian.org

Package: security-tracker
Severity: important

It looks like that squeeze-lts/non-free is not handled correctly. Have a look at
jruby:
$ rmadison jruby
jruby      | 1.5.1-1        | oldoldstable/non-free       | source, all
jruby      | 1.5.1-1+deb6u1 | buildd-squeeze-lts/non-free | source, all
jruby      | 1.5.1-1+deb6u1 | squeeze-lts/non-free        | source, all
[...]

Version 1.5.1-1+deb6u1 fixes CVE-2011-4838 and CVE-2012-5370 through
DLA-209-1.

Yet https://security-tracker.debian.org/tracker/source-package/jruby
doesn't show any "squeeze (lts)" or "squeeze/non-free (lts)" column
showing that it's fixed there.

And the JSON output for those CVE pretend that the issue is still
open:
    "squeeze": {
     "repositories": {
      "squeeze": "1.5.1-1"
     }, 
     "status": "open", 
     "urgency": "high**"
    }, 

-- System Information:
Debian Release: 8.0
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Prev by Date: Re: Is CVE-2014-0254 really affecting Qt and not only Windows?
Next by Date: Re: Is CVE-2014-0254 really affecting Qt and not only Windows?
Previous by thread: Re: Is CVE-2014-0254 really affecting Qt and not only Windows?
Index(es):
- Date
- Thread