On Tue, 11 Aug 2009 15:33:45 +0200, Francesco Poli wrote: > On Mon, 10 Aug 2009 19:46:52 -0400 Michael S. Gilbert wrote: > > > On Mon, 10 Aug 2009 23:32:22 +0200, Francesco Poli wrote: > [...] > > > The tracker [2] seems to fail to correctly provide information about > > > lenny, since it seems to think that all CVEs are fixed for lenny in > > > version 7:6.3.7.9.dfsg2-1~lenny3 (while this is true for the last one > > > only, as the other ones are already fixed in current lenny version, > > > rather than in a security update). > [...] > > > Please fix these inconsistencies, if possible. > > > > this is a flaw in the tracker. we don't have the ability to separate > > out CVEs per release in the DSA list, so we end up with this problems > > like this. i've been meaning to look into fixing this, and i may find > > the time, but until then, there is no sane way to correct the problem. > > That's unfortunate. > There's a difference in etch-backports information, though: how is it > obtained?
*-backports tracking is not entered via the DSA list, so it isn't prone to that problem. however, i've never seen anyone actually do any specific tracking for backports, so i think that the tracker is deriving that information automatically from unstable (i.e. if the backports version is greater than or equal to the unstable version that was fixed, then the backports version is also considered fixed). anyone else have a better idea on how that works? mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
