On Tue, Jul 17, 2012 at 2:33 PM, Henri Salo wrote: > I added that information to tracker as I received misinformation from one of > the package maintainers. I will fix it today. CVE-2012-3408 hasn't been fixed > in Debian versions. You should also read > http://puppetlabs.com/security/cve/cve-2012-3408/ and sorry for confusion.
Data entered into the tracker needs to be reliable. If you have not personally checked CVE references for each individual issue against the patches present in the tracker, then you cannot claim that the problem has been fixed. Leave those issues <unfixed> until someone who is willing to do the appropriate research has time to review the issue. Otherwise we're leaving issues unfixed and fooling ourselves into thinking they are fixed, which is just so incredibly wrong. Best wishes, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CANTw=mpn+ct1lg_egcugjujjcz3uc-gtf50ntsdzlvkuxf_...@mail.gmail.com
