On Thu, 26 Nov 2009 00:03:30 +0100 Francesco Poli wrote: > On Wed, 25 Nov 2009 23:36:50 +0100 Francesco Poli wrote: > > > Hello everyone, > > it seems to me that there's no tracker page for the just issued > > DSA-1940-1. > > > > Please update the tracker. > > The tracker page is now present, but there's a discrepancy that I would > like to point out: the DSA claims that the issues are fixed in > php5/5.2.11.dfsg.1-2 for sid and squeeze. > However, the tracker (on the individual CVE pages) says that > php5/5.2.11.dfsg.1-1 is fixed. > By looking at the BTS bugs, it seems that this is true at least for > CVE-2009-2626 and CVE-2009-2687, but there's no indication that this > should be the case for CVE-2009-3291 and CVE-2009-3292... > > Could you please clarify?
bugs are not necessarily submitted (nor required) for every issue. looking at the php changelog [0], you can see that these issues were claimed fixed in 5.2.11 by the upstream developers; hence the present tracking. of course just looking at the changelog isn't normally sufficient, but in this case Raphael already did the triage, and i have to assume he did the appropriate level of checking then. mike [0] http://php.net/ChangeLog-5.php -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
