Bug#905304: marked as done (security-tracker: DSA-4259-1 vs. tracker)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 2 Aug 2018 22:28:12 +0200
with message-id <[🔎] 20180802202812.GA12273@eldamar.local>
and subject line Re: Bug#905304: security-tracker: DSA-4259-1 vs. tracker
has caused the Debian Bug report #905304,
regarding security-tracker: DSA-4259-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
905304: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905304
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: security-tracker: DSA-4259-1 vs. tracker
• From: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>
• Date: Thu, 02 Aug 2018 22:00:31 +0200
• Message-id: <[🔎] 153324003155.5596.18319616294450564420.reportbug@crunch>

Package: security-tracker
Severity: normal

Hello!

According to [DSA-4259-1], ruby2.3/2.3.3-1+deb9u3 fixes a number of
vulnerabilities, among which CVE-2017-17405, CVE-2017-17742,
CVE-2017-17790, and CVE-2018-6914.

However, the tracker pages for [CVE-2017-17405], [CVE-2017-17742],
[CVE-2017-17790], and [CVE-2018-6914] seem to disagree.

Is the tracker wrong?
Please update the tracker data, then.

Is the DSA wrong?
Please clarify (I searched in the tracker commit history on Salsa,
but I failed to find any explicit explanation about this
discrepancy...).

Thanks for your time!

[DSA-4259-1]: <https://lists.debian.org/debian-security-announce/2018/msg00188.html>
[CVE-2017-17405]: <https://security-tracker.debian.org/tracker/CVE-2017-17405>
[CVE-2017-17742]: <https://security-tracker.debian.org/tracker/CVE-2017-17742>
[CVE-2017-17790]: <https://security-tracker.debian.org/tracker/CVE-2017-17790>
[CVE-2018-6914]:  <https://security-tracker.debian.org/tracker/CVE-2018-6914>

--- End Message ---

--- Begin Message ---

• To: "Francesco Poli (wintermute)" <invernomuto@paranoici.org>, 905304@bugs.debian.org
• Cc: 905304-done@bugs.debian.org, jmm@debian.org
• Subject: Re: Bug#905304: security-tracker: DSA-4259-1 vs. tracker
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Thu, 2 Aug 2018 22:28:12 +0200
• Message-id: <[🔎] 20180802202812.GA12273@eldamar.local>
• In-reply-to: <[🔎] 153324003155.5596.18319616294450564420.reportbug@crunch>
• References: <[🔎] 153324003155.5596.18319616294450564420.reportbug@crunch>

HI Francesco,

On Thu, Aug 02, 2018 at 10:00:31PM +0200, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> 
> Hello!
> 
> According to [DSA-4259-1], ruby2.3/2.3.3-1+deb9u3 fixes a number of
> vulnerabilities, among which CVE-2017-17405, CVE-2017-17742,
> CVE-2017-17790, and CVE-2018-6914.
> 
> However, the tracker pages for [CVE-2017-17405], [CVE-2017-17742],
> [CVE-2017-17790], and [CVE-2018-6914] seem to disagree.
> 
> Is the tracker wrong?
> Please update the tracker data, then.

The tracker was wrong due to the human-error in
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a5e9c1099e5f5a29832b60c97f3d9d0f61a538cf
, which needed to be added manually due to a unrelated problem while
updating tracker and relasing the DSA.

Thanks for spotting! All the information should be uptodate in at most
an hour.

Regards,
Salvatore

--- End Message ---