Package: security-tracker Severity: normal Hello!
DSA-2401-1 [1] claims that a number of referenced vulnerabilities are fixed in sid by tomcat6/6.0.35-1 However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3]) out of the 10 referenced ones are shown as not fixed in sid and wheezy on the tracker. Is the DSA wrong or is the tracker incorrect? In the latter case, please fix the tracker data. Otherwise, please clarify. Thanks for your time! [1] http://lists.debian.org/debian-security-announce/2012/msg00025.html [2] http://security-tracker.debian.org/tracker/CVE-2011-3190 [3] http://security-tracker.debian.org/tracker/CVE-2011-4858 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
