On Fri, 17 Apr 2009 22:14:24 +0200 Francesco Poli wrote: > Hi everyone, > DSA-1771-1 [1] was issued back on Wednesday, and the corresponding > tracker page [2] was created. > > I think there are a few inconsistencies, though. > > The DSA refers to two CVEs [3][4] and to one further vulnerability > with no CVE number yet. > The DSA tracker page [2] only refers to the two CVEs. > I think it would be useful to mark the CVE-less vulnerability as fixed, > as well, maybe by referring to a TEMP, which will later be converted > into a CVE...
there are some issues with the tracker update scripts where the DSA links are being removed from non-numbered CVEs. this has yet to be addressed (i.e. the script needs to be made to be more intelligent about this type of case). i'll see if i can find the time to work on it. > Moreover, the DSA says that the two CVEs are fixed > * for etch in version 0.90.1dfsg-4etch19 > * for lenny in version 0.94.dfsg.2-1lenny2 > * for sid in version 0.95.1+dfsg-1 > On the other hand, the CVE tracker pages [3][4] also claim > that squeeze is fixed, even though it still has version 0.94.dfsg.2-1. > Is this good news, or just a mistake on the tracker? the data was misentered in the tracker. fixed. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
