On Sat, 7 Mar 2009 21:32:28 +0100 Francesco Poli wrote: > Here's a list of the inconsistencies that are still present: > > http://security-tracker.debian.net/tracker/CVE-2008-5236 > http://security-tracker.debian.net/tracker/CVE-2008-5242 > http://security-tracker.debian.net/tracker/CVE-2008-5239 > http://security-tracker.debian.net/tracker/CVE-2008-5234 > http://security-tracker.debian.net/tracker/CVE-2008-5241 > http://security-tracker.debian.net/tracker/CVE-2008-5240 > http://security-tracker.debian.net/tracker/CVE-2008-5237 > http://security-tracker.debian.net/tracker/CVE-2009-0316 > http://security-tracker.debian.net/tracker/CVE-2008-4098 > > As I said, these are cases where a vulnerability is still considered as > unfixed in squeeze and fixed in lenny at the same time, with both > suites having the *same exact* package version.
i need some advise on this. should i fix these issues, wait for new packages to transition from unstable, or should the tracker code be updated to recognize that when squeeze has the same version a package marked as fixed in lenny that that version should be considered fixed as well? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
