Bug#803591: security-tracker: DSA-3381-1 vs. tracker

To: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 803591@bugs.debian.org
Subject: Bug#803591: security-tracker: DSA-3381-1 vs. tracker
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 31 Oct 2015 22:56:19 +0100
Message-id: <[🔎] 20151031215619.GA19454@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 803591@bugs.debian.org
In-reply-to: <[🔎] 144630672115.8730.15753794881012372618.reportbug@sleepy>
References: <[🔎] 144630672115.8730.15753794881012372618.reportbug@sleepy>

Hi Francesco,

On Sat, Oct 31, 2015 at 04:52:01PM +0100, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> 
> Hello everybody!
> 
> DSA-3381-1 [1] states that several vulnerabilities are fixed in
> openjdk-7/7u85-2.6.1-5 for sid, but the tracker [2] claims that many
> of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 .
> Is that a typo in the DSA or should the tracker data be updated?

openjdk-7/7u85-2.6.1-6 for unstable is correct, but there is actually
a problem with the jessie-security version. It's beeing worked on.

> Moreover the tracker claims [3] that one of the vulnerabilities
> (CVE-2015-4871) is unfixed in sid.
> Again: is the DSA wrong or should the tracker data be updated?

Thanks, corrected that one. It is Oracle Java specific, so have
adjusted the tracker information to mark it as not-affected.

Regards,
Salvatore

Reply to:

References:
- Bug#803591: security-tracker: DSA-3381-1 vs. tracker
  - From: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>

Prev by Date: Processed: tagging 803591
Previous by thread: Bug#803591: security-tracker: DSA-3381-1 vs. tracker
Next by thread: Processed: tagging 803591
Index(es):
- Date
- Thread