Ok, so the problem remains the same for me. It's possible that a package gets updated for a security reason while being in the stable channel. This is contradictory with the security FAQ. Is there another way (for a program) to get the type of a package? A special way to access the security tracker (RPC, ...)?
Thanks,
Frédéric PICA

2008/7/28 Steffen Joeris <[EMAIL PROTECTED]>:
> Hi Frederic
>
> On Mon, 28 Jul 2008 11:54:55 pm you wrote:
>> Ok, so this one:
>> -----------------------------------
>> proftpd-dfsg (1.3.0-19etch1) stable; urgency=low
>>
>>   * [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.
>>
>>  -- Francesco Paolo Lovergine <[EMAIL PROTECTED]>  Tue, 15 Jan 2008 11:50:31 +0100
>> -----------------------------------
>>
>> should have been in the security channel, and not in stable.
>> So this is an "error" of the package maintainer and should be an
>> isolated case, right?
> Nope, this was a minor issue according to the tracker and thus it got fixed in
> a point release. CVE ids are not only for major issues, but for all sorts of
> security issues.
>
> Cheers
> Steffen

