Il lun, 2003-08-11 alle 02:58, Matt Zimmerman ha scritto:
> > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been
> > released in december 2001
> 2.2.2-6woody2 is a later version than 2.2.2-6. 2.2.2-6 has the bugs,
> 2.2.2-6woody2 has the fixes.
2.2.2-6 has been released on dec 13 2001, 2.2.2-7 on dec 14 2001
(following the changelog), so 2.2.2-6woody2 should be dated between
these 2 days, am i right?
> > , so i've to assume fake vulnerabilities (CAN 2003-... ), or at least they
> > don't apply to deb packages... but then 2.2.2-13.woody.8 what is for?
> I do not understand the problem.
DSA-361-1 states that the vulnerabilities reported have been fixed in
2.2.2-13.woody.8 (and this is the version you can find in the
repository)... DSA-361-2 is the same advisory, except that it states
that the vulnerabilities have been fixed in 2.2.2-6woody2... and i think
that's someway strange that 2 vulnerabilities from this year have been
addressed almost 2 years ago (well, not impossible with debian :) )...
but then, what's the purpose of 2.2.2-13.woody.8?
Really, i suspect a typo in the advisory. Or more likely, i haven't
understood too much about the whole thing.
Hope i've been clear enough (and forgive me for my little confidence
- From: Gian Piero Carrubba <firstname.lastname@example.org>
- Re: DSA-361-2
- From: Matt Zimmerman <email@example.com>