[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA-361-2

Il lun, 2003-08-11 alle 02:58, Matt Zimmerman ha scritto:

> > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been
> > released in december 2001
> 2.2.2-6woody2 is a later version than 2.2.2-6.  2.2.2-6 has the bugs,
> 2.2.2-6woody2 has the fixes.

2.2.2-6 has been released on dec 13 2001, 2.2.2-7 on dec 14 2001
(following the changelog), so 2.2.2-6woody2 should be dated between
these 2 days, am i right?

> > , so i've to assume fake vulnerabilities (CAN 2003-... ), or at least they
> > don't apply to deb packages... but then 2.2.2-13.woody.8 what is for?
> I do not understand the problem.

DSA-361-1 states that the vulnerabilities reported have been fixed in
2.2.2-13.woody.8 (and this is the version you can find in the
repository)... DSA-361-2 is the same advisory, except that it states
that the vulnerabilities have been fixed in 2.2.2-6woody2... and i think
that's someway strange that 2 vulnerabilities from this year have been
addressed almost 2 years ago (well, not impossible with debian :) )...
but then, what's the purpose of 2.2.2-13.woody.8?

Really, i suspect a typo in the advisory. Or more likely, i haven't
understood too much about the whole thing.

Hope i've been clear enough (and forgive me for my little confidence
with english).

Gian Piero.

Reply to: