Bug#783800: marked as done (security-tracker: squeeze-lts/non-free not handled correctly)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Wed, 10 Jun 2015 17:27:33 +0200
with message-id <201506101727.45057.holger@layer-acht.org>
and subject line Re: Bug#783800: security-tracker: squeeze-lts/non-free not handled correctly
has caused the Debian Bug report #783800,
regarding security-tracker: squeeze-lts/non-free not handled correctly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
783800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783800
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: security-tracker: squeeze-lts/non-free not handled correctly
• From: Raphaël Hertzog <hertzog@debian.org>
• Date: Thu, 30 Apr 2015 11:23:26 +0200
• Message-id: <20150430092326.31566.75463.reportbug@x230-buxy.home.ouaza.com>

Package: security-tracker
Severity: important

It looks like that squeeze-lts/non-free is not handled correctly. Have a look at
jruby:
$ rmadison jruby
jruby      | 1.5.1-1        | oldoldstable/non-free       | source, all
jruby      | 1.5.1-1+deb6u1 | buildd-squeeze-lts/non-free | source, all
jruby      | 1.5.1-1+deb6u1 | squeeze-lts/non-free        | source, all
[...]

Version 1.5.1-1+deb6u1 fixes CVE-2011-4838 and CVE-2012-5370 through
DLA-209-1.

Yet https://security-tracker.debian.org/tracker/source-package/jruby
doesn't show any "squeeze (lts)" or "squeeze/non-free (lts)" column
showing that it's fixed there.

And the JSON output for those CVE pretend that the issue is still
open:
    "squeeze": {
     "repositories": {
      "squeeze": "1.5.1-1"
     }, 
     "status": "open", 
     "urgency": "high**"
    }, 

-- System Information:
Debian Release: 8.0
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---

--- Begin Message ---

• To: 783800-done@bugs.debian.org
• Subject: Re: Bug#783800: security-tracker: squeeze-lts/non-free not handled correctly
• From: Holger Levsen <holger@layer-acht.org>
• Date: Wed, 10 Jun 2015 17:27:33 +0200
• Message-id: <201506101727.45057.holger@layer-acht.org>
• In-reply-to: <20150430092326.31566.75463.reportbug@x230-buxy.home.ouaza.com>
• References: <20150430092326.31566.75463.reportbug@x230-buxy.home.ouaza.com>

Hi Raphaël,

On Donnerstag, 30. April 2015, Raphaël Hertzog wrote:
> It looks like that squeeze-lts/non-free is not handled correctly. Have a

I've finally fixed this issue with svn r34846 and deployed this to soler.d.o 
and am updating the database now, so the fix shall be visible in a few 
minutes.


cheers,
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---