Bug#789490: marked as done (security-tracker: DSA-3290-1 vs. tracker)

To: Salvatore Bonaccorso <carnil@debian.org>
Subject: Bug#789490: marked as done (security-tracker: DSA-3290-1 vs. tracker)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 21 Jun 2015 19:18:06 +0000
Message-id: <[🔎] handler.789490.D789490.143491413126041.ackdone@bugs.debian.org>
References: <20150621191523.GA5172@eldamar.local> <[🔎] 20150621134619.11901.89739.reportbug@homebrew>

Your message dated Sun, 21 Jun 2015 21:15:23 +0200
with message-id <20150621191523.GA5172@eldamar.local>
and subject line Re: Bug#789490: security-tracker: DSA-3290-1 vs. tracker
has caused the Debian Bug report #789490,
regarding security-tracker: DSA-3290-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
789490: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789490
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: security-tracker: DSA-3290-1 vs. tracker

From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>

Date: Sun, 21 Jun 2015 15:46:19 +0200

Message-id: <[🔎] 20150621134619.11901.89739.reportbug@homebrew>
Package: security-tracker
Severity: normal

Hello!

DSA-3290-1 [1] states that CVE-2015-3636 is fixed in
linux/3.16.7-ckt11-1, but the tracker shows somewhat
self-inconsistent information about this vulnerability [2],
claiming that linux/3.16.7-ckt11-1 is fixed in jessie,
but vulnerable in stretch, despite being apparently the
same exact version.

Please clarify and/or fix the tracker data.

Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2015/msg00186.html
[2] https://security-tracker.debian.org/tracker/CVE-2015-3636
--- End Message ---

--- Begin Message ---

To: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 789490-done@bugs.debian.org

Subject: Re: Bug#789490: security-tracker: DSA-3290-1 vs. tracker

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 21 Jun 2015 21:15:23 +0200

Message-id: <20150621191523.GA5172@eldamar.local>

In-reply-to: <[🔎] 20150621134619.11901.89739.reportbug@homebrew>

References: <[🔎] 20150621134619.11901.89739.reportbug@homebrew>
Hi Francesco,

On Sun, Jun 21, 2015 at 03:46:19PM +0200, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> 
> Hello!
> 
> DSA-3290-1 [1] states that CVE-2015-3636 is fixed in
> linux/3.16.7-ckt11-1, but the tracker shows somewhat
> self-inconsistent information about this vulnerability [2],
> claiming that linux/3.16.7-ckt11-1 is fixed in jessie,
> but vulnerable in stretch, despite being apparently the
> same exact version.
> 
> Please clarify and/or fix the tracker data.

Have added a workaround entry in the security-tracker, explicitly
marking the stretch version as well fixed with 3.16.7-ckt11-1.

Regards,
Salvatore
--- End Message ---

Reply to:

References:
- Bug#789490: security-tracker: DSA-3290-1 vs. tracker
  - From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>

Prev by Date: Bug#789490: security-tracker: DSA-3290-1 vs. tracker
Next by Date: DSA candidates
Previous by thread: Bug#789490: security-tracker: DSA-3290-1 vs. tracker
Index(es):
- Date
- Thread