Michel Messerschmidt wrote: > The information about sarge is not consistent with > http://security-tracker.debian.net/tracker/CVE-2008-0166: > > Source Package Release Version Status > openssl (PTS) sarge, sarge (security) 0.9.7e-3sarge5 vulnerable > etch 0.9.8c-4etch1 vulnerable > etch (security) 0.9.8c-4etch3 fixed > lenny, sid 0.9.8g-10 fixed > > Who's right here ? The advisory is right. Sarge has been end of life'd. That also means that we do not update the Debian security tracker for sarge issues anymore. Unfortunately the tracker currently doesn't have a way to indicate in some sense that the sarge data is not up to date. I've corrected the sarge entry for this one in the tracker (which will be updated soon), but note for the future that the tracker doesn't provide accurate information about sarge vulnerability anymore. cheers, Thijs
Attachment:
pgp4TFthULNkO.pgp
Description: PGP signature