Bug#903816: security-tracker: CVE-2017-17689 vs. tracker

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#903816: security-tracker: CVE-2017-17689 vs. tracker
From: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>
Date: Sun, 15 Jul 2018 10:45:38 +0200
Message-id: <[🔎] 153164433871.8210.6226667058104449620.reportbug@crunch>
Reply-to: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 903816@bugs.debian.org

Package: security-tracker
Severity: normal

Hello everyone!

According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes
CVE-2017-17689 in stretch (security), among other vulnerabilities.

However the tracker page for [CVE-2017-17689] seems to disagree,
while, on the other hand, referencing bug [#898631], which is claimed
to be fixed in oldstable, stable, testing, and unstable.

But please note that bug [#898631] does not mention CVE-2017-17689
at all!

Oh what a headache!
Which is wrong and which is right?

Could you please clarify and update the tracker data, if needed?

Thanks for your time!

[DSA-4244-1]: <https://lists.debian.org/debian-security-announce/2018/msg00173.html>
[CVE-2017-17689]: <https://security-tracker.debian.org/tracker/CVE-2017-17689>
[#898631]: <https://bugs.debian.org/898631>

Reply to:

Follow-Ups:
- Bug#903816: marked as done (security-tracker: CVE-2017-17689 vs. tracker)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: External check
Next by Date: Bug#903816: marked as done (security-tracker: CVE-2017-17689 vs. tracker)
Previous by thread: DSA candidates
Next by thread: Bug#903816: marked as done (security-tracker: CVE-2017-17689 vs. tracker)
Index(es):
- Date
- Thread