[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

About CVE-2017-1000082

Hi Debian Security Team,

Thank you for providing the great tracker system. I have a question. When it comes to CVE-2017-1000082, jessie says "fixed".
https://security-tracker.debian.org/tracker/CVE-2017-1000082

But OVAL describes the following.
<criterion comment="systemd DPKG is earlier than 0" test_ref="oval:org.debian.oval:tst:15314"/>

In the case of buster, OVAL is like the following.
 <criterion comment="systemd DPKG is earlier than 234-1" test_ref="oval:org.debian.oval:tst:11877"/>
Are they correct? If it is fixed, I think it should not be "0" and buster should have suffix like "~deb10uX", not "234-1".

Best regards,
Teppei
Reply to: