Bug#507157: marked as done (security-tracker: The tracker sould track experimental)
Your message dated Sat, 29 Nov 2008 11:55:06 +0100 with message-id [EMAIL PROTECTED] and subject line Re: Bug#507157: security-tracker: The tracker sould track experimental has caused the Debian Bug report #507157, regarding security-tracker: The tracker sould track experimental to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 507157: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507157 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: security-tracker Severity: wishlist The apt sources of experimental should be parsed as well. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- * Moritz Muehlenhoff: The apt sources of experimental should be parsed as well. Done. It's updated at the same time as the other suites. ---End Message---
Processed: reassign 352954 to security-tracker
Processing commands for cont...@bugs.debian.org: reassign 352954 security-tracker Bug #352954 [debsecan] debsecan: please give suite selector on idssi.enyo.de Bug reassigned from package 'debsecan' to 'security-tracker'. Bug No longer marked as found in versions debsecan/0.4.1. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.126798182517706.transcr...@bugs.debian.org
Processed: Re: Processed: reassign 583381 to qa.debian.org,security.debian.org
Processing commands for cont...@bugs.debian.org: # the PTS is fed by the sec tracker reassign 583381 security-tracker Bug #583381 [qa.debian.org,security.debian.org] http://packages.qa.debian.org/o/openswan.html reports wrong open security issue Bug reassigned from package 'qa.debian.org,security.debian.org' to 'security-tracker'. owner 583381 ! Bug #583381 [security-tracker] http://packages.qa.debian.org/o/openswan.html reports wrong open security issue Owner recorded as Raphael Geissert geiss...@debian.org. thanks Stopping processing here. Please contact me if you need assistance. -- 583381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583381 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.127742428925584.transcr...@bugs.debian.org
Bug#583381: marked as done (http://packages.qa.debian.org/o/openswan.html reports wrong open security issue)
Your message dated Sat, 26 Jun 2010 23:05:49 -0500 with message-id 201006262305.52578.geiss...@debian.org and subject line Re: Bug#583381: PTS reports wrong open security issue has caused the Debian Bug report #583381, regarding http://packages.qa.debian.org/o/openswan.html reports wrong open security issue to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 583381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583381 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: qa.debian.org Severity: minor http://packages.qa.debian.org/o/openswan.html lists an open security issue for openswan while http://security-tracker.debian.org/tracker/source-package/openswan declares no open issues. Simple questions: Why does this happen and how can it be fixed? Kind regards Harald Jenny -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Hi, I just fixed it on the tracker's side and the fix will propagate as soon as the PTS requests the new data. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net ---End Message---
Bug#507303: marked as done (security-tracker: please provide a per-maintainer report)
Your message dated Sun, 13 Feb 2011 20:57:01 -0500 with message-id 20110213205701.42b85a9d.michael.s.gilb...@gmail.com and subject line re: security-tracker: please provide a per-maintainer report has caused the Debian Bug report #507303, regarding security-tracker: please provide a per-maintainer report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 507303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507303 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist It would be great to provide such report, as to have a link to it on the DDPO. Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- I think the work you did a while back fixed this bug, so I'm closing it. Best wishes, Mike ---End Message---
Processed: Re: security-tracker: please provide a per-maintainer report
Processing commands for cont...@bugs.debian.org:
reopen 507303
Bug #507303 {Done: Michael Gilbert michael.s.gilb...@gmail.com}
[security-tracker] security-tracker: please provide a per-maintainer report
thanks
Stopping processing here.
Please contact me if you need assistance.
--
507303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507303
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/handler.s.c.129764957818116.transcr...@bugs.debian.org
Bug#352954: marked as done (debsecan: please give suite selector on idssi.enyo.de)
Your message dated Sun, 13 Feb 2011 21:19:38 -0500 with message-id 20110213211938.d1f56266.michael.s.gilb...@gmail.com and subject line re: debsecan: please give suite selector has caused the Debian Bug report #352954, regarding debsecan: please give suite selector on idssi.enyo.de to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 352954: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352954 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: debsecan Version: 0.4.1 Severity: wishlist Please add a possibility to idssi.enyo.de/tracker/$ID to specify a suite to filter out package versions that are not applicable for the given suite. After this has been implemented, debsecan --suite foo --format report should give out URLs that restrict the output to the selected suite. Greetings Marc -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15.4-zgsrv Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Versions of packages debsecan depends on: ii debconf [debconf-2.0] 1.4.70 Debian configuration management sy ii python2.3.5-5An interactive high-level object-o Versions of packages debsecan recommends: ii cron 3.0pl1-92 management of regular background p ii exim4-daemon-light [mail-tran 4.60-3+zg1 lightweight exim MTA (v4) daemon -- debconf information excluded ---End Message--- ---BeginMessage--- Please add a possibility to idssi.enyo.de/tracker/$ID to specify a suite to filter out package versions that are not applicable for the given suite. After this has been implemented, debsecan --suite foo --format report should give out URLs that restrict the output to the selected suite. this has been available for a while now, try: $ debsecan --suite squeeze best wishes, mike ---End Message---
Bug#479594: marked as done (security-tracker: Modify suite-overview of the web site to not show no-dsa issues by default)
Your message dated Sun, 13 Feb 2011 21:22:43 -0500 with message-id 20110213212243.82972e0a.michael.s.gilb...@gmail.com and subject line re: security-tracker: Modify suite-overview of the web site to not show no-dsa has caused the Debian Bug report #479594, regarding security-tracker: Modify suite-overview of the web site to not show no-dsa issues by default to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 479594: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479594 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Version: Modify suite-overview of the web site to not show no-dsa issues by default Severity: normal http://idssi.enyo.de/tracker/status/release/stable lists all no-dsa issues by default, which is confusing for users. They can still be displayed through the link. Cheers, Moritz -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro (charmap=UTF-8) ---End Message--- ---BeginMessage--- I don't think the defaults should be changed. If users want to exclude no-dsa issues, they can click the link. Best wishes, Mike ---End Message---
Bug#508314: marked as done (Please add package subscription/notification support)
Your message dated Sat, 19 Feb 2011 14:39:16 -0500 with message-id 20110219143916.48498853.michael.s.gilb...@gmail.com and subject line Re: Please add package subscription/notification support has caused the Debian Bug report #508314, regarding Please add package subscription/notification support to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508314 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist Hi, it would be cool if the security tracker would support a package tracking support similar to what the PTS provides. This would mean one could subscribe to a certain package, to certain actions and would receive an email notification if one of the subscribed events hapens. Lets say the defined actions would be: - a new security issue arises - a security issue is fixed in $SUITE then the subscriber would get an email if one of the events happens. Basically the first one is interesting for maintainers who want to know timeley when a security issue is entered into the tracker and the second one is interesting for users (in fact I had the idea because of the new backports.org tracking). Obviously this list of actions could be enhanced if needed. Best Regards, Patrick ---End Message--- ---BeginMessage--- On Sun, 13 Feb 2011 21:16:59 -0500 Michael Gilbert wrote: it would be cool if the security tracker would support a package tracking support similar to what the PTS provides. This would mean one could subscribe to a certain package, to certain actions and would receive an email notification if one of the subscribed events hapens. Lets say the defined actions would be: - a new security issue arises - a security issue is fixed in $SUITE You can already get these reports via debsecan, which can send mails to you as well. If that is a sufficient solution, I'll close this bug. If not, please add more detail why that isn't sufficient. Closing now. Thanks, Mike ---End Message---
Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
Your message dated Tue, 20 Sep 2011 18:46:07 -0400 with message-id 20110920184607.6c77be21577eb5b864d70...@gmail.com and subject line Re: Bug#642259: security-tracker: DSA-2305-1 vs. tracker has caused the Debian Bug report #642259, regarding security-tracker: DSA-2305-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi! DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and CVE-2011-2189), but its tracker page [2] only refers to one of them (CVE-2011-0762). Please add the missing reference. Thanks! [1] http://lists.debian.org/debian-security-announce/2011/msg00186.html [2] http://security-tracker.debian.org/tracker/DSA-2305-1 ---End Message--- ---BeginMessage--- Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi! DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and CVE-2011-2189), but its tracker page [2] only refers to one of them (CVE-2011-0762). Fixed, thanks. Mike ---End Message---
Processed: Re: Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
Processing commands for cont...@bugs.debian.org:
reopen 642259 =
Bug #642259 {Done: Michael Gilbert michael.s.gilb...@gmail.com}
[security-tracker] security-tracker: DSA-2305-1 vs. tracker
thanks
Stopping processing here.
Please contact me if you need assistance.
--
642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/handler.s.c.13166409057871.transcr...@bugs.debian.org
Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
Your message dated Wed, 21 Sep 2011 17:48:40 -0400 with message-id 20110921174840.5b7c4967b7129e23ed79b...@gmail.com and subject line Re: Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker) has caused the Debian Bug report #642259, regarding security-tracker: DSA-2305-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi! DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and CVE-2011-2189), but its tracker page [2] only refers to one of them (CVE-2011-0762). Please add the missing reference. Thanks! [1] http://lists.debian.org/debian-security-announce/2011/msg00186.html [2] http://security-tracker.debian.org/tracker/DSA-2305-1 ---End Message--- ---BeginMessage--- Francesco Poli wrote: However, I've just noticed another little inconsistency (I am therefore reopening the bug report): the DSA claims that the issues are fixed in squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page [1] says that we should wait for version 2.3.2-3+squeeze3 . If this is incorrect, please fix the tracker data. Thanks. Fixed, thanks. Mike ---End Message---
Bug#644937: marked as done (security-tracker: DSA-2322-1 vs. tracker)
Your message dated Thu, 13 Oct 2011 18:30:16 +0200 with message-id 20111013183016.6dae7b8f8d168329eea58...@paranoici.org and subject line Re: security-tracker: DSA-2322-1 vs. tracker has caused the Debian Bug report #644937, regarding security-tracker: DSA-2322-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 644937: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644937 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, it seems to me that DSA-2322-1 [1] does not yet have a corresponding tracker page [2]. Please update the tracker data. Thanks for your time! [1] http://lists.debian.org/debian-security-announce/2011/msg00199.html [2] http://security-tracker.debian.org/tracker/DSA-2322-1 ---End Message--- ---BeginMessage--- On Mon, 10 Oct 2011 23:48:47 +0200 Francesco Poli (wintermute) wrote: [...] Hello, it seems to me that DSA-2322-1 [1] does not yet have a corresponding tracker page [2]. [...] [1] http://lists.debian.org/debian-security-announce/2011/msg00199.html [2] http://security-tracker.debian.org/tracker/DSA-2322-1 It seems to me that the tracker data have been updated. I am therefore closing the bug report... -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpO8pUJOGbCJ.pgp Description: PGP signature ---End Message---
Bug#646217: marked as done (security-tracker: DSA-2324-1 vs. tracker)
Your message dated Sat, 22 Oct 2011 17:24:49 -0400 with message-id CANTw=moxa0crjjxbjm9m3rh4qje_+csejsf6utqw1a1qlkm...@mail.gmail.com and subject line Re: Bug#646217: security-tracker: DSA-2324-1 vs. tracker has caused the Debian Bug report #646217, regarding security-tracker: DSA-2324-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 646217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646217 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi, DSA-2324-1 [1] states that wireshark/1.6.2-1 fixes CVE-2011-3360 in sid. However, the tracker page for the CVE [2] seems to ignore this fact. Assuming the DSA is correct, please update the tracker data. Thanks for your time. [1] http://lists.debian.org/debian-security-announce/2011/msg00200.html [2] http://security-tracker.debian.org/tracker/CVE-2011-3360 ---End Message--- ---BeginMessage--- On Sat, Oct 22, 2011 at 6:52 AM, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi, DSA-2324-1 [1] states that wireshark/1.6.2-1 fixes CVE-2011-3360 in sid. However, the tracker page for the CVE [2] seems to ignore this fact. Assuming the DSA is correct, please update the tracker data. Thanks for your time. fixed. ---End Message---
Bug#648558: marked as done (security-tracker: DSA-2345-1 vs. tracker)
Your message dated Sun, 13 Nov 2011 10:37:42 +0100 with message-id 2013093742.GC14616@pisco.westfalen.local and subject line Re: Bug#648558: security-tracker: DSA-2345-1 vs. tracker has caused the Debian Bug report #648558, regarding security-tracker: DSA-2345-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 648558: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648558 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! It seems to me that there's no tracker page [1] for DSA-2345-1, yet. Please update the tracker data. Thanks for your time. [1] http://security-tracker.debian.org/tracker/DSA-2345-1 [2] http://lists.debian.org/debian-security-announce/2011/msg00222.html ---End Message--- ---BeginMessage--- On Sun, Nov 13, 2011 at 12:35:22AM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! It seems to me that there's no tracker page [1] for DSA-2345-1, yet. Fixed. ---End Message---
Bug#649299: marked as done (security-tracker: DSA-2349-1 vs. tracker)
Your message dated Sat, 19 Nov 2011 19:12:57 +0100 with message-id 20191913.00727.th...@debian.org and subject line Re: Bug#649299: security-tracker: DSA-2349-1 vs. tracker has caused the Debian Bug report #649299, regarding security-tracker: DSA-2349-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 649299: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649299 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, it seems to me that the tracker page [1] for DSA-2349-1 [2] is messed up: do I see correctly that the version number has been used in place of the package name? Please fix the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2349-1 [2] http://lists.debian.org/debian-security-announce/2011/msg00226.html ---End Message--- ---BeginMessage--- Op zaterdag 19 november 2011 18:51:59 schreef Francesco Poli (wintermute): it seems to me that the tracker page [1] for DSA-2349-1 [2] is messed up: do I see correctly that the version number has been used in place of the package name? Indeed. The package name was omitted, thereby bumping the version number into this field. It has now been corrected. Thanks, Thijs ---End Message---
Bug#650929: marked as done (security-tracker: DSA-2357-1 vs. tracker)
Your message dated Mon, 5 Dec 2011 21:52:21 +0100 with message-id 20111205215221.3bd2300c8cf9aea4eb923...@paranoici.org and subject line Re: Bug#650929: security-tracker: DSA-2357-1 vs. tracker has caused the Debian Bug report #650929, regarding security-tracker: DSA-2357-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 650929: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650929 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi! It seems to me that the tracker page [1] for DSA-2357-1 [2] is fairly incomplete. Please update the tracker data, so that they become consistent with the information provided by the DSA. Thanks for your time. [1] http://security-tracker.debian.org/tracker/DSA-2357-1 [2] http://lists.debian.org/debian-security-announce/2011/msg00235.html ---End Message--- ---BeginMessage--- On Mon, 5 Dec 2011 18:47:00 +0100 Francesco Poli wrote: On Mon, 05 Dec 2011 13:16:41 +0100 Yves-Alexis Perez wrote: On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote: [...] Please fix this last detail, if possible. Again, thanks for your time. I've requested some help for other team member, will keep you posted. Good, I hope it's not too tricky to get this thing right! Now it seems that the CVEs look right. The DSA tracker page [1] looks a bit weird, without the stable fixed version info, but I suspect that this is intentional... [1] http://security-tracker.debian.org/tracker/DSA-2357-1 I am therefore closing this bug report, as the inconsistency seems to be fixed. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpxNgJB5ozO5.pgp Description: PGP signature ---End Message---
Bug#653020: marked as done (security-tracker: DSA-2370-1 vs. tracker)
Your message dated Thu, 22 Dec 2011 15:47:29 -0500 with message-id CANTw=MMRGpfS5uB0mv9zkP3u9hmu2=+0c+3dsd9lcs4coc0...@mail.gmail.com and subject line Re: Bug#653020: security-tracker: DSA-2370-1 vs. tracker has caused the Debian Bug report #653020, regarding security-tracker: DSA-2370-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 653020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653020 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! Is there any special reason why the tracker page [1] for DSA-2370-1 [2] lacks the reference to one (CVE-2011-4528) of the two CVE ids mentioned in the DSA [2] itself? If this is just a mistake, please fix the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2370-1 [2] http://lists.debian.org/debian-security-announce/2011/msg00249.html ---End Message--- ---BeginMessage--- On Thu, Dec 22, 2011 at 3:43 PM, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! Is there any special reason why the tracker page [1] for DSA-2370-1 [2] lacks the reference to one (CVE-2011-4528) of the two CVE ids mentioned in the DSA [2] itself? If this is just a mistake, please fix the tracker data. Thanks for your time! yes, a missing data entry. fixed. mike ---End Message---
Bug#657648: marked as done (security-tracker: DSA-2394-1 vs. tracker)
Your message dated Fri, 27 Jan 2012 17:09:14 -0500 with message-id CANTw=mp53tkhkm1jzfd65v0ymonmusbtdgwekau0vbjynhp...@mail.gmail.com and subject line Re: Bug#657648: security-tracker: DSA-2394-1 vs. tracker has caused the Debian Bug report #657648, regarding security-tracker: DSA-2394-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 657648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657648 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! The tracker page [1] for DSA-2394-1 [2] seems to be almost empty. Please fix the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2394-1 [2] http://lists.debian.org/debian-security-announce/2012/msg00018.html ---End Message--- ---BeginMessage--- The tracker page [1] for DSA-2394-1 [2] seems to be almost empty. Please fix the tracker data. fixed, thanks for spotting this! mike ---End Message---
Bug#658545: marked as done (security-tracker: DSA-2401-1 vs. tracker)
Your message dated Fri, 3 Feb 2012 18:28:09 -0500 with message-id CANTw=mmshknzfeny3ta-nr9rtx91t9kykgbqw926nasbsdf...@mail.gmail.com and subject line Re: Bug#658545: security-tracker: DSA-2401-1 vs. tracker has caused the Debian Bug report #658545, regarding security-tracker: DSA-2401-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 658545: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658545 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! DSA-2401-1 [1] claims that a number of referenced vulnerabilities are fixed in sid by tomcat6/6.0.35-1 However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3]) out of the 10 referenced ones are shown as not fixed in sid and wheezy on the tracker. Is the DSA wrong or is the tracker incorrect? In the latter case, please fix the tracker data. Otherwise, please clarify. Thanks for your time! [1] http://lists.debian.org/debian-security-announce/2012/msg00025.html [2] http://security-tracker.debian.org/tracker/CVE-2011-3190 [3] http://security-tracker.debian.org/tracker/CVE-2011-4858 ---End Message--- ---BeginMessage--- Is the DSA wrong or is the tracker incorrect? In the latter case, please fix the tracker data. Otherwise, please clarify. The DSA is correct. The tracker is now fixed. Thanks, Mike ---End Message---
Processed: tagging 645196
Processing commands for cont...@bugs.debian.org: # Fixed in SVN tags 645196 + pending Bug #645196 [security-tracker] security-tracker: add link to source Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 645196: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645196 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.132947321213011.transcr...@bugs.debian.org
Bug#663236: marked as done (security-tracker: DSA-2429-1 vs. tracker)
Your message dated Mon, 12 Mar 2012 22:40:12 -0400 with message-id CANTw=mmswjc3myd7i6gxk+otynv23qhb6-1og+ejvjjvglw...@mail.gmail.com and subject line Re: Bug#663236: security-tracker: DSA-2429-1 vs. tracker has caused the Debian Bug report #663236, regarding security-tracker: DSA-2429-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 663236: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663236 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello everybody! DSA-2429-1 [1] says that a good number of vulnerabilities are fixed in sid by mysql-5.1/5.1.61-2 However, the tracker seems to disagree on one of them (CVE-2012-0119 [2]). Who's right and who's wrong? Please clarify and/or update the tracker data. Thanks for your time! [1] http://lists.debian.org/debian-security-announce/2012/msg00056.html [2] http://security-tracker.debian.org/tracker/CVE-2012-0119 ---End Message--- ---BeginMessage--- DSA-2429-1 [1] says that a good number of vulnerabilities are fixed in sid by mysql-5.1/5.1.61-2 However, the tracker seems to disagree on one of them (CVE-2012-0119 [2]). Who's right and who's wrong? Please clarify and/or update the tracker data. tracker issue. fixed now. thanks, mike ---End Message---
Bug#649011: marked as done (security-tracker: DSA-2346-1 vs. tracker)
Your message dated Fri, 29 Jun 2012 21:34:32 +0200 with message-id 20120629213432.99f1af4062c4ec71542aa...@paranoici.org and subject line Re: Bug#649011: security-tracker: DSA-2346-1 vs. tracker has caused the Debian Bug report #649011, regarding security-tracker: DSA-2346-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 649011: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649011 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, it seems to me that the tracker page [1] for DSA-2346-1 [2] lacks the reference to CVE-2011-4130. Please update the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2346-1 [2] http://lists.debian.org/debian-security-announce/2011/msg00223.html ---End Message--- ---BeginMessage--- On Thu, 17 Nov 2011 18:30:43 +0100 Francesco Poli wrote: On Thu, 17 Nov 2011 15:18:59 +0100 Nico Golde wrote: [...] Thanks for the report! Fixed. You're welcome. Everything's fine now, except that the DSA says that lenny is not affected by CVE-2011-4130, while the tracker disagrees... This tracker data inconsistency has long been fixed. I am therefore closing the corresponding bug report... -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgp9igSVrJY1J.pgp Description: PGP signature ---End Message---
Bug#679563: marked as done (security-tracker: DSA-2503-1 vs. tracker)
Your message dated Fri, 29 Jun 2012 21:41:46 +0200 with message-id 87zk7lhpmt@mid.deneb.enyo.de and subject line Re: Bug#679563: security-tracker: DSA-2503-1 vs. tracker has caused the Debian Bug report #679563, regarding security-tracker: DSA-2503-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 679563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679563 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello everybody! DSA-2503-1 [1] states that CVE-2012-3366 is fixed in sid by bcfg2/1.2.2-2, but the tracker [2] seems to disagree. I think that the DSA is probably right, since the BTS seems to tell the same story [3]. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00143.html [2] http://security-tracker.debian.org/tracker/CVE-2012-3366 [3] http://bugs.debian.org/679272 ---End Message--- ---BeginMessage--- * Francesco Poli: DSA-2503-1 [1] states that CVE-2012-3366 is fixed in sid by bcfg2/1.2.2-2, but the tracker [2] seems to disagree. I think that the DSA is probably right, since the BTS seems to tell the same story [3]. Thanks, fixed. Would you be willing to fix these issues on your own, now that Subversion 1.7 (which is licensed under the Apache License 2.0) has entered the archive? ---End Message---
Bug#681524: marked as done (security-tracker: DSA-2511-1 vs. tracker)
Your message dated Mon, 16 Jul 2012 21:04:58 -0400 with message-id CANTw=MMioxXHnYcQ373HYp2yrdikQQT2KmpgKCwjhJo=n_d...@mail.gmail.com and subject line Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker has caused the Debian Bug report #681524, regarding security-tracker: DSA-2511-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 681524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681524 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi! DSA-2511-1 [1] says that CVE-2012-386[4-7] are fixed in sid by puppet/2.7.18-1, but the tracker seems to disagree [2]. I suppose the DSA is right: if this is the case, please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00149.html [2] http://security-tracker.debian.org/tracker/CVE-2012-3864 and so forth ---End Message--- ---BeginMessage--- On Fri, Jul 13, 2012 at 5:28 PM, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi! DSA-2511-1 [1] says that CVE-2012-386[4-7] are fixed in sid by puppet/2.7.18-1, but the tracker seems to disagree [2]. I suppose the DSA is right: if this is the case, please update the tracker data. Thanks for your time! Tracker data has been corrected. Thanks! Mike---End Message---
Bug#683916: marked as done (security-tracker: DSA-2520-1 vs. tracker)
Your message dated Sun, 05 Aug 2012 15:14:58 +0200 with message-id 1344172498.3878.65.camel@scapa and subject line Re: Bug#683916: security-tracker: DSA-2520-1 vs. tracker has caused the Debian Bug report #683916, regarding security-tracker: DSA-2520-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683916 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! DSA-2520-1 [1] and the corresponding tracker page [2] state that CVE-2012-2665 has been fixed in stable by openoffice.org/3.2.1-11+squeeze7. I believe that an epoch is missing, since the version number of the openoffice.org package currently in stable is already 1:3.2.1-11+squeeze4. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00160.html [2] http://security-tracker.debian.org/tracker/DSA-2520-1 ---End Message--- ---BeginMessage--- On dim., 2012-08-05 at 14:42 +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! DSA-2520-1 [1] and the corresponding tracker page [2] state that CVE-2012-2665 has been fixed in stable by openoffice.org/3.2.1-11+squeeze7. I believe that an epoch is missing, since the version number of the openoffice.org package currently in stable is already 1:3.2.1-11+squeeze4. Please update the tracker data. The tracker was already updated before your bug, but thanks for the consistency check. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
Bug#683921: marked as done (security-tracker: DSA-2519-2 vs. tracker)
Your message dated Sun, 05 Aug 2012 15:19:42 +0200 with message-id 1344172782.3878.66.camel@scapa and subject line Re: Bug#683921: security-tracker: DSA-2519-2 vs. tracker has caused the Debian Bug report #683921, regarding security-tracker: DSA-2519-2 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683921: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683921 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. On the other hand, the tracker still seems to consider isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of DSA-2519-2 (the corresponding tracker page [2] still redirects to the one for DSA-2519-1). [2] http://security-tracker.debian.org/tracker/DSA-2519-2 Please update the tracker data. Thanks again for your time! ---End Message--- ---BeginMessage--- On dim., 2012-08-05 at 14:51 +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. On the other hand, the tracker still seems to consider isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of DSA-2519-2 (the corresponding tracker page [2] still redirects to the one for DSA-2519-1). [2] http://security-tracker.debian.org/tracker/DSA-2519-2 Please update the tracker data. Tracker data is up to date, although it has not propagated to the website yet (not too sure why). Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
Bug#683922: marked as done (security-tracker: DSA-2521-1 vs. tracker)
Your message dated Sun, 05 Aug 2012 15:22:32 +0200 with message-id 1344172952.3878.68.camel@scapa and subject line Re: Bug#683922: security-tracker: DSA-2521-1 vs. tracker has caused the Debian Bug report #683922, regarding security-tracker: DSA-2521-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683922 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be still unaware of it. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00162.html [2] http://security-tracker.debian.org/tracker/DSA-2521-1 ---End Message--- ---BeginMessage--- On dim., 2012-08-05 at 14:57 +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be still unaware of it. Please update the tracker data. Once again, the tracker data is up to date. I know it might be painful to check, but it'd help us to actually do it before reporting. Now, it seems that there might be an issue with the website generation, but it's unrelated to the data itself. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
Bug#685843: marked as done (security-tracker: DSA-2533-1 vs. tracker)
Your message dated Sat, 25 Aug 2012 18:27:53 +0200 with message-id 87a9xjkkc6@mid.deneb.enyo.de and subject line Re: Bug#685843: security-tracker: DSA-2533-1 vs. tracker has caused the Debian Bug report #685843, regarding security-tracker: DSA-2533-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 685843: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685843 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, DSA-2533-1 [1] states that four vulnerabilities are fixed in sid by pcp/3.6.5 The tracker [2][3][4][5] seems to disagree. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00174.html [2] http://security-tracker.debian.org/tracker/CVE-2012-3418 [3] http://security-tracker.debian.org/tracker/CVE-2012-3419 [4] http://security-tracker.debian.org/tracker/CVE-2012-3420 [5] http://security-tracker.debian.org/tracker/CVE-2012-3421 ---End Message--- ---BeginMessage--- * Francesco Poli: DSA-2533-1 [1] states that four vulnerabilities are fixed in sid by pcp/3.6.5 The tracker [2][3][4][5] seems to disagree. Thanks, fixed.---End Message---
Bug#689977: marked as done (security-tracker: DSA-2557-1 vs. tracker)
Your message dated Mon, 8 Oct 2012 20:12:12 +0200 with message-id 201210082012.20370.th...@debian.org and subject line Re: Bug#689977: security-tracker: DSA-2557-1 vs. tracker has caused the Debian Bug report #689977, regarding security-tracker: DSA-2557-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 689977: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689977 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi everyone! it seems to me that the tracker page [1] for DSA-2557-1 [2] has a fixed version for stable that lacks the epoch (it should be 1:0.6.10-2+squeeze1, rather than 0.6.10-2+squeeze1). Please fix the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2557-1 [2] https://lists.debian.org/debian-security-announce/2012/msg00201.html ---End Message--- ---BeginMessage--- Op maandag 8 oktober 2012 19:16:33 schreef Francesco Poli (wintermute): Package: security-tracker Severity: normal Hi everyone! it seems to me that the tracker page [1] for DSA-2557-1 [2] has a fixed version for stable that lacks the epoch (it should be 1:0.6.10-2+squeeze1, rather than 0.6.10-2+squeeze1). Indeed it does. Thanks for the report! Thijs signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#690807: marked as done (security-tracker: DSA-2559-1 vs. tracker)
Your message dated Wed, 17 Oct 2012 16:11:10 -0400 with message-id CANTw=MOtO8kA2KZM=vfamva5+n7jthservopxaswf+uue3w...@mail.gmail.com and subject line Re: Bug#690807: security-tracker: DSA-2559-1 vs. tracker has caused the Debian Bug report #690807, regarding security-tracker: DSA-2559-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 690807: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690807 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all, DSA-2559-1 [1] was issued, but the tracker seems to know nothing about it [2] yet. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00203.html [2] http://security-tracker.debian.org/tracker/DSA-2559-1 ---End Message--- ---BeginMessage--- On Wed, Oct 17, 2012 at 3:53 PM, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi all, DSA-2559-1 [1] was issued, but the tracker seems to know nothing about it [2] yet. Please update the tracker data. The data is there. Apparently the tracker is in one of its finicky states again. Can someone with access to that machine look at it? Best wishes, Mike---End Message---
Bug#694663: marked as done (security-tracker: DSA-2578-1 vs. tracker)
Your message dated Fri, 30 Nov 2012 19:04:00 +0100 with message-id 72ff09745141a372adcca4b5a3307906.squir...@aphrodite.kinkhorst.nl and subject line Re: Bug#694663: security-tracker: DSA-2578-1 vs. tracker has caused the Debian Bug report #694663, regarding security-tracker: DSA-2578-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694663 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, although DSA-2578-1 [1] has been recently issued, the tracker still seems to be unaware of it [2]. Please update the tracker data. Thanks! [1] https://lists.debian.org/debian-security-announce/2012/msg00221.html [2] http://security-tracker.debian.org/tracker/DSA-2578-1 ---End Message--- ---BeginMessage--- On Wed, November 28, 2012 21:10, Francesco Poli \(wintermute\) wrote: Package: security-tracker Severity: normal Hello, although DSA-2578-1 [1] has been recently issued, the tracker still seems to be unaware of it [2]. Please update the tracker data. Thanks, it's there now so this was probably fixed in the mean time. Cheers, Thijs---End Message---
Bug#645196: marked as done (security-tracker: add link to source)
Your message dated Sun, 9 Dec 2012 14:51:40 +0100 with message-id b4d2ef417a130fc1971503386b40b3bb.squir...@aphrodite.kinkhorst.nl and subject line fixed for a while now has caused the Debian Bug report #645196, regarding security-tracker: add link to source to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 645196: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645196 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist Tags: patch Hi, it would be nice if a link to the source for the tracker was included. I attached an (untested) patch to do so. I am also wondering if the imprint is still current: it refers to www.enyo.de while the security tracker is now hosted on a debian.org machine. Regards, Ansgar Index: tracker_service.py === --- tracker_service.py (Revision 17414) +++ tracker_service.py (Arbeitskopie) @@ -1161,6 +1161,9 @@ Testing Security Team), - , A(url.absolute(http://www.debian.org/security/;), Debian Security), + - , A(url.absolute(http://anonscm.debian.org/viewvc/secure-testing/bin/tracker_service.py?view=markup;), + Source), + , A(url.absolute(svn://svn.debian.org/secure-testing), (SVN)), - , A(url.absolute (http://www.enyo.de/fw/impressum.html;), Imprint))) ---End Message--- ---BeginMessage--- Hi, it would be nice if a link to the source for the tracker was included. I attached an (untested) patch to do so. I am also wondering if the imprint is still current: it refers to www.enyo.de while the security tracker is now hosted on a debian.org machine. Both issues have been fixed a while ago. Cheers, Thijs---End Message---
Bug#699605: marked as done (security-tracker: DSA-2614-1,DSA-2615-1 vs. tracker)
Your message dated Sat, 02 Feb 2013 13:32:20 +0100 with message-id 1359808340.3811.0.camel@scapa and subject line Re: Bug#699605: security-tracker: DSA-2614-1,DSA-2615-1 vs. tracker has caused the Debian Bug report #699605, regarding security-tracker: DSA-2614-1,DSA-2615-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all, DSA-2614-1 [1] and DSA-2615-1 [2] state that several vulnerabilities have been fixed in sid by libupnp/1:1.6.17-1.2 and by libupnp4/1.8.0~svn20100507-1.2 . However, the tracker seems to disagree [3][4][5][6][7][8][9][10] (it still claims that unstable is unfixed). Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2013/msg00018.html [2] https://lists.debian.org/debian-security-announce/2013/msg00019.html [3] https://security-tracker.debian.org/tracker/CVE-2012-5958 [4] https://security-tracker.debian.org/tracker/CVE-2012-5959 [5] https://security-tracker.debian.org/tracker/CVE-2012-5960 [6] https://security-tracker.debian.org/tracker/CVE-2012-5961 [7] https://security-tracker.debian.org/tracker/CVE-2012-5962 [8] https://security-tracker.debian.org/tracker/CVE-2012-5963 [9] https://security-tracker.debian.org/tracker/CVE-2012-5964 [10] https://security-tracker.debian.org/tracker/CVE-2012-5965 ---End Message--- ---BeginMessage--- On sam., 2013-02-02 at 12:48 +0100, Francesco Poli (wintermute) wrote: Please update the tracker data. Thanks for your time! Done, thanks. -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
Bug#700115: marked as done (security-tracker: DSA-2618-1 vs. tracker)
Your message dated Fri, 08 Feb 2013 22:00:23 + with message-id 1360360823.24960.7.ca...@jacala.jungle.funky-badger.org and subject line Re: Bug#700115: security-tracker: DSA-2618-1 vs. tracker has caused the Debian Bug report #700115, regarding security-tracker: DSA-2618-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700115 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, it seems to me that an epoch is missing from the squeeze fixed version of package ircd-hybrid in the tracker page [1] for DSA-2618-1 [2]. Please fix the tracker data. Thanks for your time! [1] https://security-tracker.debian.org/tracker/DSA-2618-1 [2] https://lists.debian.org/debian-security-announce/2013/msg00022.html P.S.: to be precise, the epoch seems to be missing from the actual DSA too, but that is not going to be fixed, I guess... ---End Message--- ---BeginMessage--- On Fri, 2013-02-08 at 22:37 +0100, Francesco Poli (wintermute) wrote: it seems to me that an epoch is missing from the squeeze fixed version of package ircd-hybrid in the tracker page [1] for DSA-2618-1 [2]. Also spotted, and fixed. Regards, Adam---End Message---
Processed: Re: Bug#709894: security-tracker: DSA-2694-1 vs. tracker
Processing control commands: tags -1 + confirmed Bug #709894 [security-tracker] security-tracker: DSA-2694-1 vs. tracker Added tag(s) confirmed. -- 709894: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709894 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b709894.136958272530573.transcr...@bugs.debian.org
Bug#709893: marked as done (security-tracker: DSA-2692-1 vs. tracker)
Your message dated Sun, 26 May 2013 22:06:26 +0200 with message-id 20130526200626.GA19735@elende and subject line Re: Bug#709893: security-tracker: DSA-2692-1 vs. tracker has caused the Debian Bug report #709893, regarding security-tracker: DSA-2692-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 709893: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709893 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, DSA-2692-1 [1] says that CVE-2013-2001 has been fixed for sid in libxxf86vm/1:1.1.2-1+deb7u1 . On the other hand, the tracker [2] seems to disagree: it currently claims that the fixed version for unstable is 2:1.1.3-2+deb7u1 ... Is that a typo? Please clarify and/or update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2013/msg00100.html [2] https://security-tracker.debian.org/tracker/CVE-2013-2001 ---End Message--- ---BeginMessage--- On Sun, May 26, 2013 at 04:46:43PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello, DSA-2692-1 [1] says that CVE-2013-2001 has been fixed for sid in libxxf86vm/1:1.1.2-1+deb7u1 . On the other hand, the tracker [2] seems to disagree: it currently claims that the fixed version for unstable is 2:1.1.3-2+deb7u1 ... Is that a typo? Is updated now. Regards, Salvatore---End Message---
Bug#709894: marked as done (security-tracker: DSA-2694-1 vs. tracker)
Your message dated Sun, 26 May 2013 22:07:54 +0200 with message-id 20130526200754.GB19735@elende and subject line Re: Bug#709894: security-tracker: DSA-2694-1 vs. tracker has caused the Debian Bug report #709894, regarding security-tracker: DSA-2694-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 709894: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709894 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello again, there seems to be no tracker page [1] for DSA-2694-1 [2]. Please update the tracker data. Thanks again for your time! [1] https://security-tracker.debian.org/tracker/DSA-2694-1 [2] https://lists.debian.org/debian-security-announce/2013/msg00103.html ---End Message--- ---BeginMessage--- Hi Francesco On Sun, May 26, 2013 at 04:48:50PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello again, there seems to be no tracker page [1] for DSA-2694-1 [2]. Please update the tracker data. Thanks again for your time! [1] https://security-tracker.debian.org/tracker/DSA-2694-1 [2] https://lists.debian.org/debian-security-announce/2013/msg00103.html Website is now also updated. Note: entries for unstable are for now still missing, I'm waiting for a CVE assignment. Regards, Salvatore---End Message---
Bug#717103: marked as done (security-tracker: DSA-2722-1 vs. tracker)
Your message dated Wed, 17 Jul 2013 10:58:28 +0200 with message-id 20130717085828.GA30195@elende and subject line Re: Bug#717103: security-tracker: DSA-2722-1 vs. tracker has caused the Debian Bug report #717103, regarding security-tracker: DSA-2722-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 717103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717103 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi, DSA-2722-1 [1] says that many vulnerabilities have been fixed for sid in openjdk-7/7u25-2.3.10-1 . The tracker seems to agree for all the vulnerabilities but CVE-2013-2454, which is claimed to be still present in sid [2]. Is that an oversight? Please clarify and/or update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2013/msg00132.html [2] https://security-tracker.debian.org/tracker/CVE-2013-2454 ---End Message--- ---BeginMessage--- Hi Francesco, On Tue, Jul 16, 2013 at 10:38:46PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi, DSA-2722-1 [1] says that many vulnerabilities have been fixed for sid in openjdk-7/7u25-2.3.10-1 . The tracker seems to agree for all the vulnerabilities but CVE-2013-2454, which is claimed to be still present in sid [2]. Is that an oversight? Should now reflect how it's correct. Regards, Salvatore---End Message---
Bug#718170: marked as done (security-tracker: DSA-2728-1 vs. tracker)
Your message dated Sun, 28 Jul 2013 21:30:10 +0200 with message-id 20130728193010.GA27469@eldamar.local and subject line Re: Bug#718170: security-tracker: DSA-2728-1 vs. tracker has caused the Debian Bug report #718170, regarding security-tracker: DSA-2728-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 718170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718170 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello everybody, it seems to me that there is no tracker page [1] for DSA-2728-1 [2]. Please update the tracker. Thanks for your time. [1] https://security-tracker.debian.org/tracker/DSA-2728-1 [2] https://lists.debian.org/debian-security-announce/2013/msg00138.html ---End Message--- ---BeginMessage--- Hi Francesco, On Sun, Jul 28, 2013 at 12:15:33PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello everybody, it seems to me that there is no tracker page [1] for DSA-2728-1 [2]. Please update the tracker. Thanks for your time. [1] https://security-tracker.debian.org/tracker/DSA-2728-1 [2] https://lists.debian.org/debian-security-announce/2013/msg00138.html Unfortunately there where again problems on alioth hosts processing mails, which also hosts the tracker svn repository. It was already commited, and should be updated now also on webpage. Thanks for your checking! Regards, Salvatore---End Message---
Bug#608994: marked as done (Not all DSAs are displayed in the package overview page)
Your message dated Sun, 28 Jul 2013 15:40:18 -0400 with message-id CANTw=MOPQc+6=zATaX-KSy=vdb7gariy5ksvqzgck-9cpb5...@mail.gmail.com and subject line Re: Bug#608994: Not all DSAs are displayed in the package overview page has caused the Debian Bug report #608994, regarding Not all DSAs are displayed in the package overview page to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 608994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608994 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal The package page doesn't list all DSAs, e.g. http://security-tracker.debian.org/tracker/source-package/krb5 All the pre-Lenny DSAs are missing, like DSA-1524 Cheers, Moritz ---End Message--- ---BeginMessage--- On Wed, Jan 5, 2011 at 4:52 AM, Moritz Muehlenhoff wrote: Package: security-tracker Severity: normal The package page doesn't list all DSAs, e.g. http://security-tracker.debian.org/tracker/source-package/krb5 All the pre-Lenny DSAs are missing, like DSA-1524 This appears to have been fixed at some point. Best wishes, Mike---End Message---
Bug#614887: marked as done (don't display the full CVE description in package report)
Your message dated Sun, 28 Jul 2013 15:48:59 -0400 with message-id CANTw=MMj3uiVPe_htU5xbMCg6F-bWdS5_YGkdBM0E5D1r=d...@mail.gmail.com and subject line Re: Bug#614887: don't display the full CVE description in package report has caused the Debian Bug report #614887, regarding don't display the full CVE description in package report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 614887: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614887 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Hi, The new view is quite annoying. Don't know how it looks on a big screen, but on a 1024 screen it makes the page rather useless. The individual CVE page already displays the full description, if somebody wants it (instead of just the first 80 chars, for example) then put it behind some js. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net ---End Message--- ---BeginMessage--- On Wed, Feb 23, 2011 at 6:56 PM, Raphael Geissert wrote: Package: security-tracker Hi, The new view is quite annoying. Don't know how it looks on a big screen, but on a 1024 screen it makes the page rather useless. The individual CVE page already displays the full description, if somebody wants it (instead of just the first 80 chars, for example) then put it behind some js. I reverted this change shortly after it was made. Best wishes, Mike---End Message---
Bug#721660: marked as done (security-tracker: DSA-2749-1 vs. tracker)
Your message dated Tue, 3 Sep 2013 09:07:13 +0200 with message-id 84cc5571988207273dd3c13c40f6499c.squir...@aphrodite.kinkhorst.nl and subject line Re: Bug#721660: security-tracker: DSA-2749-1 vs. tracker has caused the Debian Bug report #721660, regarding security-tracker: DSA-2749-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 721660: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all, it seems to me that there's a missing epoch in the wheezy fixed version of asterisk for DSA-2749-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00160.html [2] https://security-tracker.debian.org/tracker/DSA-2749-1 Please fix the tracker data. Thanks for your time! ---End Message--- ---BeginMessage--- On Mon, September 2, 2013 22:34, Francesco Poli \(wintermute\) wrote: Package: security-tracker Severity: normal Hi all, it seems to me that there's a missing epoch in the wheezy fixed version of asterisk for DSA-2749-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00160.html [2] https://security-tracker.debian.org/tracker/DSA-2749-1 Please fix the tracker data. Thanks for your time! Epoch added, thanks! Thijs---End Message---
Bug#731779: marked as done (security-tracker: DSA-2812-1 vs. tracker)
Your message dated Mon, 9 Dec 2013 20:03:38 +0100 with message-id 20131209190338.GA30617@eldamar.local and subject line Re: Bug#731779: security-tracker: DSA-2812-1 vs. tracker has caused the Debian Bug report #731779, regarding security-tracker: DSA-2812-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 731779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731779 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, there seems to be a missing epoch in the squeeze and wheezy fixed versions of samba for DSA-2812-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00226.html [2] https://security-tracker.debian.org/tracker/DSA-2812-1 Could you please fix the tracker data? Thanks for your time! ---End Message--- ---BeginMessage--- Hi Francesco On Mon, Dec 09, 2013 at 07:43:17PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello, there seems to be a missing epoch in the squeeze and wheezy fixed versions of samba for DSA-2812-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00226.html [2] https://security-tracker.debian.org/tracker/DSA-2812-1 Could you please fix the tracker data? Thanks for your time! Thanks for noticing, fixend in the tracker. Regards, Salvatore---End Message---
Bug#732575: marked as done (security-tracker: DSA-2822-1 vs. tracker)
Your message dated Thu, 19 Dec 2013 06:42:28 +0100 with message-id 20131219054228.ga11...@lorien.valinor.li and subject line Re: Bug#732575: security-tracker: DSA-2822-1 vs. tracker has caused the Debian Bug report #732575, regarding security-tracker: DSA-2822-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 732575: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732575 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all! It seems to me that the squeeze and wheezy fixed versions of xorg-server are missing an epoch in DSA-2822-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00236.html [2] https://security-tracker.debian.org/tracker/DSA-2822-1 Please fix the tracker data. Thanks a lot for your time! Bye. ---End Message--- ---BeginMessage--- Hi Francesco, On Wed, Dec 18, 2013 at 11:45:52PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi all! It seems to me that the squeeze and wheezy fixed versions of xorg-server are missing an epoch in DSA-2822-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00236.html [2] https://security-tracker.debian.org/tracker/DSA-2822-1 Please fix the tracker data. Thanks a lot for your time! Thanks for reporting. Just commited. Regards, Salvatore---End Message---
Bug#735939: marked as done (security-tracker: DSA-2846-1 vs. tracker)
Your message dated Sun, 19 Jan 2014 21:58:22 +0100 with message-id 20140119205822.GA10648@eldamar.local and subject line Re: Bug#735939: security-tracker: DSA-2846-1 vs. tracker has caused the Debian Bug report #735939, regarding security-tracker: DSA-2846-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 735939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735939 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello everybody, DSA-2846-1 [1] says that two vulnerabilities have been fixed in sid by libvirt/1.2.1-1 . The tracker seems to agree for CVE-2014-1447, but not for CVE-2013-6458, which is claimed to be still present in sid [2]. I think the tracker data should be updated. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2014/msg00015.html [2] https://security-tracker.debian.org/tracker/CVE-2013-6458 ---End Message--- ---BeginMessage--- Hi Francesco, On Sat, Jan 18, 2014 at 10:17:52PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello everybody, DSA-2846-1 [1] says that two vulnerabilities have been fixed in sid by libvirt/1.2.1-1 . The tracker seems to agree for CVE-2014-1447, but not for CVE-2013-6458, which is claimed to be still present in sid [2]. I think the tracker data should be updated. Thanks for your time! Thanks for noticing. The fix was iin experimental, now in unstable with the 1.2.1-1 upload. Should be correct now also in the tracker. Regards, Salvatore---End Message---
Bug#683986: marked as done (security-tracker: automated testing announcement emails)
Your message dated Sat, 8 Feb 2014 11:53:50 +0100 with message-id 20140208105349.GA8082@pisco.westfalen.local and subject line Re: security-tracker: automated testing announcement emails has caused the Debian Bug report #683986, regarding security-tracker: automated testing announcement emails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683986: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683986 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Hi Florian, On soler there's still the script that used to send the automatic testing announcement emails. I think it's been over a year since it broke due to changes in the security tracker's db schema. Since it is pretty obscure to me, would you please implement the feature in the tracker itself? Thanks. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net ---End Message--- ---BeginMessage--- On Sun, Aug 05, 2012 at 07:54:26PM -0500, Raphael Geissert wrote: Package: security-tracker Hi Florian, On soler there's still the script that used to send the automatic testing announcement emails. I think it's been over a year since it broke due to changes in the security tracker's db schema. Since it is pretty obscure to me, would you please implement the feature in the tracker itself? These announcements are no longer sent and there's no longer a testing security team, so we can just close the bug. Cheers, Moritz---End Message---
Bug#738202: marked as done (security-tracker: DSA-2856-1 vs. tracker)
Your message dated Sat, 8 Feb 2014 18:23:20 +0100 with message-id 20140208172320.GA18060@eldamar.local and subject line Re: Bug#738202: security-tracker: DSA-2856-1 vs. tracker has caused the Debian Bug report #738202, regarding security-tracker: DSA-2856-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 738202: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738202 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello, DSA-2856-1 [1] states that CVE-2014-0050 is fixed in oldstable and stable security updates for libcommons-fileupload-java. [1] https://lists.debian.org/debian-security-announce/2014/msg00026.html The tracker seems to agree on its DSA page [2], but seems to miss the link with the CVE. As a consequence the CVE page [3] still shows libcommons-fileupload-java as vulnerable in oldstable (security) and stable (security)... [2] https://security-tracker.debian.org/tracker/DSA-2856-1 [3] https://security-tracker.debian.org/tracker/CVE-2014-0050 Please update the tracker data accordingly. Thanks for your time! Bye. ---End Message--- ---BeginMessage--- HI Franceso, On Sat, Feb 08, 2014 at 05:10:09PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello, DSA-2856-1 [1] states that CVE-2014-0050 is fixed in oldstable and stable security updates for libcommons-fileupload-java. [1] https://lists.debian.org/debian-security-announce/2014/msg00026.html The tracker seems to agree on its DSA page [2], but seems to miss the link with the CVE. As a consequence the CVE page [3] still shows libcommons-fileupload-java as vulnerable in oldstable (security) and stable (security)... [2] https://security-tracker.debian.org/tracker/DSA-2856-1 [3] https://security-tracker.debian.org/tracker/CVE-2014-0050 Please update the tracker data accordingly. Thanks, it is fixed now. Regards, Salvatore---End Message---
Processed: Re: Bug#738172: Track renames of source packages
Processing control commands: reassign -1 security-tracker Bug #738172 [security-tracker.debian.org] Track renames of source packages Warning: Unknown package 'security-tracker.debian.org' Bug reassigned from package 'security-tracker.debian.org' to 'security-tracker'. Ignoring request to alter found versions of bug #738172 to the same values previously set Ignoring request to alter fixed versions of bug #738172 to the same values previously set -- 738172: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738172 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b738172.139188758911997.transcr...@bugs.debian.org
Bug#738584: marked as done (security-tracker: DSA-2858-1 vs. tracker)
Your message dated Tue, 11 Feb 2014 07:48:27 +0100 with message-id 20140211064827.GA14511@eldamar.local and subject line Re: Bug#738584: security-tracker: DSA-2858-1 vs. tracker has caused the Debian Bug report #738584, regarding security-tracker: DSA-2858-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 738584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello all, DSA-2858-1 [1] states that several vulnerabilities have been fixed in sid by iceweasel/24.3.0esr-1, but the tracker disagrees for two of them [2][3] (the tracker claims that sid is still vulnerable). [1] https://lists.debian.org/debian-security-announce/2014/msg00028.html [2] https://security-tracker.debian.org/tracker/CVE-2014-1490 [3] https://security-tracker.debian.org/tracker/CVE-2014-1491 Please clarify and/or update the tracker data. Thanks for your time! ---End Message--- ---BeginMessage--- Hi, On Mon, Feb 10, 2014 at 09:57:19PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello all, DSA-2858-1 [1] states that several vulnerabilities have been fixed in sid by iceweasel/24.3.0esr-1, but the tracker disagrees for two of them [2][3] (the tracker claims that sid is still vulnerable). [1] https://lists.debian.org/debian-security-announce/2014/msg00028.html [2] https://security-tracker.debian.org/tracker/CVE-2014-1490 [3] https://security-tracker.debian.org/tracker/CVE-2014-1491 Please clarify and/or update the tracker data. Thanks for your time! Thanks! Fixed now. Regards, Salvatore---End Message---
Bug#727534: marked as done (security-tracker: Add tabular view listing all CVEs and version table for a source package)
Your message dated Mon, 17 Mar 2014 12:33:08 +0100 with message-id 20140317113308.ga3...@lorien.valinor.li and subject line Re: Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package has caused the Debian Bug report #727534, regarding security-tracker: Add tabular view listing all CVEs and version table for a source package to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 727534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727534 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist Hi On last DebConf Antonio Terceiro brought up the following idea for an additional view for a source package in the security-tracker. I'm opening the bugreport to not forget about it. It would be nice to have for a given source package a report/view listing in a table each (in at least a suite open) CVE, with collumns marking if fixed in the given suite. srpkg: +---+---++---+-+---+---+ | CVE | oldstable | oldstable-security | stable| stable-security | testing | unstable | +---+---++---+-+---+---+ | CVE-1234-5678 | unfixed | 1.2-3+squeeze1 | unfixed | 1.3-4+deb7u1 | unfixed | 1.5 | | CVE-5678-1234 | unfixed | unfixed | unfixed | unfixed | unfixed | unfixed | +---+---++---+-+---+---+ Im principle it should look like an aggregated view of each CVE page, for a queried source package. Regards, Salvatore ---End Message--- ---BeginMessage--- Hi, On Wed, Feb 12, 2014 at 11:19:50AM +0100, Luciano Bello wrote: On Tuesday 11 February 2014 19:05:21 Antonio Terceiro wrote: now the patches :-) This is great! Let me take a look and I will push them (probably during the weekend) officially. Thanks! This is now active, see .e.g. https://security-tracker.debian.org/tracker/source-package/ruby1.9.1 :) Regards, Salvatore---End Message---
Processed: tagging 742389
Processing commands for cont...@bugs.debian.org: tags 742389 + moreinfo Bug #742389 [security-tracker] security-tracker: Sype Install Fails Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 742389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742389 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.139555807830457.transcr...@bugs.debian.org
Bug#742389: marked as done (security-tracker: Sype Install Fails)
Your message dated Sun, 23 Mar 2014 09:02:49 +0200 with message-id 20140323070249.ga10...@kludge.henri.nerv.fi and subject line needmoreinfo has caused the Debian Bug report #742389, regarding security-tracker: Sype Install Fails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 742389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742389 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: important Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these lines *** -- System Information: Debian Release: Kali Linux 1.0.6 Architecture: amd64 (x86_64) Kernel: Linux 3.12-kali1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Closing as this report does not contain enough information. Reopen if needed. --- Henri Salo signature.asc Description: Digital signature ---End Message---
Processed: closing 742389
Processing commands for cont...@bugs.debian.org:
# opened without information and possibly wrong package
close 742389
Bug #742389 {Done: Henri Salo henri.s...@kapsi.fi} [security-tracker]
security-tracker: Sype Install Fails
Bug 742389 is already marked as done; not doing anything.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
742389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/handler.s.c.139555838531980.transcr...@bugs.debian.org
Bug#743046: marked as done (security-tracker: DSA-2891-1 vs. tracker)
Your message dated Sun, 30 Mar 2014 21:53:18 +0200 with message-id 20140330195318.GA24146@eldamar.local and subject line Re: Bug#743046: security-tracker: DSA-2891-1 vs. tracker has caused the Debian Bug report #743046, regarding security-tracker: DSA-2891-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 743046: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743046 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! The tracker data [1] for DSA-2891-1 [2] seems to miss an epoch for the wheezy fixed version of package mediawiki. [1] https://security-tracker.debian.org/tracker/DSA-2891-1 [2] https://lists.debian.org/debian-security-announce/2014/msg00064.html Please fix the data. Thanks for your time! Bye. ---End Message--- ---BeginMessage--- Hi, On Sun, Mar 30, 2014 at 03:09:47PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! The tracker data [1] for DSA-2891-1 [2] seems to miss an epoch for the wheezy fixed version of package mediawiki. [1] https://security-tracker.debian.org/tracker/DSA-2891-1 [2] https://lists.debian.org/debian-security-announce/2014/msg00064.html Please fix the data. Thanks for your time! Thanks for noticing. Have commited the change in svn and should appear on the tracker soon. Regards, Salvatore signature.asc Description: Digital signature ---End Message---
Bug#752110: marked as done (security-tracker: DSA-2962-1 vs. tracker)
Your message dated Thu, 19 Jun 2014 21:32:58 +0200 with message-id 71df8603bb706231b77c613d7c41b382.squir...@aphrodite.kinkhorst.nl and subject line Re: Bug#752110: security-tracker: DSA-2962-1 vs. tracker has caused the Debian Bug report #752110, regarding security-tracker: DSA-2962-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 752110: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752110 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello everybody! DSA-2962-1 [1] states that CVE-2014-1545 is fixed in sid by nspr/2:4.10.6-1, but the tracker [2] seems to disagree (it currenctly claims that sid is still vulnerable). [1] https://lists.debian.org/debian-security-announce/2014/msg00143.html [2] https://security-tracker.debian.org/tracker/CVE-2014-1545 Please update the tracker data. Thanks for your time! Bye. ---End Message--- ---BeginMessage--- On Thu, June 19, 2014 19:20, Francesco Poli \(wintermute\) wrote: Package: security-tracker Severity: normal Hello everybody! DSA-2962-1 [1] states that CVE-2014-1545 is fixed in sid by nspr/2:4.10.6-1, but the tracker [2] seems to disagree (it currenctly claims that sid is still vulnerable). [1] https://lists.debian.org/debian-security-announce/2014/msg00143.html [2] https://security-tracker.debian.org/tracker/CVE-2014-1545 Please update the tracker data. Thanks for your time Indeed, I've added the version that this was fixed for in sid now. Thanks! Cheers, Thijs---End Message---
Processed: reassign 755800 to security-tracker
Processing commands for cont...@bugs.debian.org: reassign 755800 security-tracker Bug #755800 [security-tracker.debian.org] bogus urgency field from security-tracker Warning: Unknown package 'security-tracker.debian.org' Bug reassigned from package 'security-tracker.debian.org' to 'security-tracker'. Ignoring request to alter found versions of bug #755800 to the same values previously set Ignoring request to alter fixed versions of bug #755800 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 755800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755800 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.140612330918296.transcr...@bugs.debian.org
Processed: Re: Bug#755800: Acknowledgement (bogus urgency field from security-tracker)
Processing control commands: reassign -1 security-tracker Bug #755800 [security-tracker] bogus urgency field from security-tracker Ignoring request to reassign bug #755800 to the same package -- 755800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755800 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b755800.140612359320383.transcr...@bugs.debian.org
Processed: Re: Bug #758698: security-tracker: Valid, trusted Certificates Fail Validation
Processing commands for cont...@bugs.debian.org: reassign 758698 ca-certificates Bug #758698 [security-tracker] security-tracker: Valid, trusted Certificates Fail Validation Bug reassigned from package 'security-tracker' to 'ca-certificates'. Ignoring request to alter found versions of bug #758698 to the same values previously set Ignoring request to alter fixed versions of bug #758698 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 758698: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758698 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.140852818417033.transcr...@bugs.debian.org
Processed: reopening 759727
Processing commands for cont...@bugs.debian.org:
reopen 759727
Bug #759727 {Done: Florian Weimer f...@deneb.enyo.de} [security-tracker]
patches for including LTS into security-tracker.d.o
Bug reopened
Ignoring request to alter fixed versions of bug #759727 to the same values
previously set
thanks
Stopping processing here.
Please contact me if you need assistance.
--
759727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759727
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/handler.s.c.140954795011233.transcr...@bugs.debian.org
Bug#759727: marked as done (patches for including LTS into security-tracker.d.o)
Your message dated Mon, 1 Sep 2014 19:36:03 +0200
with message-id 20140901173603.GA20612@eldamar.local
and subject line Re: Bug#759727: patches for including LTS into
security-tracker.d.o
has caused the Debian Bug report #759727,
regarding patches for including LTS into security-tracker.d.o
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
759727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759727
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
package: security-tracker
severity: wishlist
tags: patch
x-debbugs-cc: debian-...@lists.debian.org
Hi,
attached are my patches making the security-tracker aware of squeeze-lts. I've
tested that in a local instance of the tracker and they work nicely.
I think they should be submitted as they are, and as Raphael suggested I send
them here for review, I did that. Let me know if I shall commit :)
A few comments:
$ svn diff|diffstat
Makefile | 23 -
fine, I think, I slighlty dislike the variables squeeze_LTS_ARCHS and
LTS_MIRROR as well as the update-lts* targets, but it does the trick.
bin/check-syntax |6 ++-
bin/tracker_service.py |2 +
bin/update |2 -
bin/updatelist |2 +
lib/python/sectracker/parsers.py | 17 +
stupid codecopy, but hey, the loader for DTSAs was already a copy of the one
for DSAs, so I figured adding one more wasnt too painful ;)
lib/python/bugs.py | 47
+--
stupid codecopy, similar to the one in parsers.py... ;)
lib/python/sectracker_test/test_analyzers.py |1
lib/python/sectracker_test/test_parsers.py |5 ++
lib/python/security_db.py| 35 +---
here I use a trick to make the whole code easier: the release is changed from
squeeze-lts to squeeze and subrelease is set to lts, so that this
matches the security suites. the other changes are then straightforward.
10 files changed, 121 insertions(+), 19 deletions(-)
That's it.
cheers,
Holger
Index: Makefile
===
--- Makefile (Revision 28502)
+++ Makefile (Arbeitskopie)
@@ -7,6 +7,7 @@
MIRROR = http://cdn.debian.net/debian/
squeeze_ARCHS = amd64 armel i386 ia64 mips mipsel powerpc s390 sparc kfreebsd-i386 kfreebsd-amd64
+squeeze_LTS_ARCHS = amd64 i386
wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64
jessie_ARCHS = amd64 armel armhf i386 mips mipsel powerpc s390x kfreebsd-i386 kfreebsd-amd64
sid_ARCHS = amd64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390x sparc
@@ -27,7 +28,7 @@
test check: check-syntax
check-syntax: stamps/CVE-syntax \
- stamps/DSA-syntax stamps/DTSA-syntax
+ stamps/DSA-syntax stamps/DTSA-syntax stamps/DLA-syntax
stamps/CVE-syntax: data/CVE/list bin/check-syntax $(PYTHON_MODULES)
$(PYTHON) bin/check-syntax CVE data/CVE/list
@@ -41,6 +42,10 @@
$(PYTHON) bin/check-syntax DTSA data/DTSA/list
touch $@
+stamps/DLA-syntax: data/DLA/list bin/check-syntax $(PYTHON_MODULES)
+ $(PYTHON) bin/check-syntax DLA data/DLA/list
+ touch $@
+
.PHONY: serve
serve:
@bash bin/test-web-server
@@ -136,7 +141,7 @@
done ; \
done
-update-old-security:
+update-old-security: update-lts
for archive in $(OLDSTABLE); do \
for section in main contrib non-free ; do \
$(PYTHON) bin/apt-update-file \
@@ -150,6 +155,20 @@
done ; \
done
+LTS_MIRROR = http://ftp.de.debian.org/debian/dists
+update-lts: update-lts-$(OLDSTABLE)
+
+update-lts-$(OLDSTABLE):
+ set -e archive=$(shell echo $@ | cut -d- -f3) ; \
+ for arch in $($(shell echo $@ | cut -d- -f3)_LTS_ARCHS) ; do \
+ $(PYTHON) bin/apt-update-file \
+ $(LTS_MIRROR)/$${archive}-lts/main/binary-$$arch/Packages \
+ data/packages/$${archive}-lts__main_$${arch}_Packages ; \
+ done ; \
+ $(PYTHON) bin/apt-update-file \
+ $(LTS_MIRROR)/$${archive}-lts/main/source/Sources \
+ data/packages/$${archive}-lts__main_Sources ; \
+
BACKPORTS_MIRROR = http://ftp.de.debian.org/debian-backports/dists
update-backports: update-backports-$(STABLE) update-backports-$(OLDSTABLE)
Index: lib/python/security_db.py
===
--- lib/python/security_db.py (Revision 28502)
+++ lib/python/security_db.py (Arbeitskopie)
@@ -1,4 +1,4
Bug#755800: marked as done (bogus urgency field from security-tracker)
Your message dated Wed, 10 Sep 2014 13:26:15 +0200 with message-id 201409101326.17277.hol...@layer-acht.org and subject line not really bogus has caused the Debian Bug report #755800, regarding bogus urgency field from security-tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 755800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755800 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- package: security-tracker.debian.org severity: wishlist Hi, looking at https://security- tracker.debian.org/tracker/status/release/oldstable (unstable too) it seems to me the urgency field is rather unused, for oldstable all entries are either low or not yet assigned (unstable has one high urgency entry, while way more in reality), so I'd like to propose to remove this field completly as it's confusing and irrelevant. cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Hi, the field is not really bogus, just seldom used, thus closing this bug report. cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Processed: retitle
Processing commands for cont...@bugs.debian.org: retitle 761061 tracker doesnt show some closed issues as done Bug #761061 [security-tracker] tracker doesnt show closed issues as done Changed Bug title to 'tracker doesnt show some closed issues as done' from 'tracker doesnt show closed issues as done' thanks Stopping processing here. Please contact me if you need assistance. -- 761061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.14103510158541.transcr...@bugs.debian.org
Bug#610222: marked as done (http://security-tracker.debian.org/tracker/data/releases broken)
Your message dated Thu, 11 Sep 2014 12:40:03 +0200 with message-id 201409111240.05268.hol...@layer-acht.org and subject line http://security-tracker.debian.org/tracker/data/releases works for me has caused the Debian Bug report #610222, regarding http://security-tracker.debian.org/tracker/data/releases broken to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 610222: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610222 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal The per-suite architecture list is currently broken (,, 0, 3, 4, 6, 8, 9, a, c, d, e, h, i, l, m, o, p, r, s, w). ---End Message--- ---BeginMessage--- Hi Florian, http://security-tracker.debian.org/tracker/data/releases works for me today, thus closing. Please reopen and clarify if I misunderstood your bugreport. cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Processed: merge
Processing commands for cont...@bugs.debian.org: forcemerge 761061 742382 Bug #761061 [security-tracker] tracker doesnt show some closed issues as done Bug #742382 [security-tracker] security-tracker: tablular view doesn't consider oldstable/stable (security) repositories Severity set to 'important' from 'normal' Merged 742382 761061 thanks Stopping processing here. Please contact me if you need assistance. -- 742382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742382 761061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.14104319628319.transcr...@bugs.debian.org
Processed: pending
Processing commands for cont...@bugs.debian.org: tags 482577 + pending Bug #482577 [security-tracker] pending notation Added tag(s) pending. tags 742382 + pending Bug #742382 [security-tracker] security-tracker: tablular view doesn't consider oldstable/stable (security) repositories Bug #761061 [security-tracker] tracker doesnt show some closed issues as done Added tag(s) pending. Added tag(s) pending. # got patches # will submit them later thanks Stopping processing here. Please contact me if you need assistance. -- 482577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482577 742382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742382 761061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.141043374020500.transcr...@bugs.debian.org
Processed: Re: pending
Processing commands for cont...@bugs.debian.org: tags 482577 - pending Bug #482577 [security-tracker] pending notation Removed tag(s) pending. # need more tea thanks Stopping processing here. Please contact me if you need assistance. -- 482577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482577 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.141043382521215.transcr...@bugs.debian.org
Bug#482577: marked as done (pending notation)
Your message dated Thu, 11 Sep 2014 13:35:44 +0200 with message-id 2014093544.gb19...@inutil.org and subject line Re: Bug#482577: still applicable today? (pending notation) has caused the Debian Bug report #482577, regarding pending notation to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 482577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482577 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker I've been trying to use the tracker repository more actively for tracking kernel updates and so far it is going pretty well. One feature request I have is the ability to mark an issue as pending. Usually multiple issues are queued up for a kernel DSA, and its nice to be able to filter out issues that have already been committed to the kernel repository. I know I could use NOTEs for this, but I'd prefer to be able to note this on a per-package basis. Something like the following would work for my use case: CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...) - linux-2.6 unfixed - linux-2.6 unfixed (pending 2.6.18.dfsg.1-18etch5) - linux-2.6.24 unfixed (pending 2.6.24-6~etchnhalf.3) NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02 Or, maybe it makes more sense to add a new status - e.g. pending instead of unfixed; I don't have enough experience with the tracker to say for sure. (And I realize that I could write my own tool to cross-reference the security tracker w/ the kernel repository, but hey - I'm lazy.. and this might be a good feature for the tracker in general). -- dann frazier ---End Message--- ---BeginMessage--- On Thu, Sep 11, 2014 at 12:42:09PM +0200, Holger Levsen wrote: Hi, is this bug still of concern today? No activity since 5 years so I assume this problem has been solved or disappeared by now ;) We can close this. With the current gen-dsa script the update can be prepared in advance. Cheers, Moritz---End Message---
Processed: Re: Bug#742855: order by release? you mean release_date?
Processing control commands: tags -1 + pending Bug #742855 [security-tracker] security-tracker: tabular view should always be by release order Added tag(s) pending. -- 742855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742855 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b742855.141043911524106.transcr...@bugs.debian.org
Processed: hah!
Processing commands for cont...@bugs.debian.org: tags 610220 + pending Bug #610220 [security-tracker] Show URLs in TODO/NOTE as hyperlinks in the web view Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 610220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.14104595514028.transcr...@bugs.debian.org
Processed: Re: Bug#642987: another example for an end-of-life
Processing control commands: tags -1 + pending Bug #642987 [security-tracker] Entries marked as end-of-life should not be displayed as fixed in the web overview Added tag(s) pending. -- 642987: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642987 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b642987.14104745514715.transcr...@bugs.debian.org
Processed: Re: Bug#742855: Sort releases correctly in tabular view. (Closes: #742855)
Processing control commands: tags -1 - pending Bug #742855 [security-tracker] security-tracker: tabular view should always be by release order Removed tag(s) pending. -- 742855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742855 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b742855.141058070224860.transcr...@bugs.debian.org
Processed: Re: Bug#610220: Show URLs in TODO/NOTE as hyperlinks in the web view
Processing control commands: tags -1 - pending Bug #610220 [security-tracker] Show URLs in TODO/NOTE as hyperlinks in the web view Removed tag(s) pending. -- 610220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b610220.14105893491552.transcr...@bugs.debian.org
Processed: security-tracker: remove hardcoding of various data from Debian's apt repositories
Processing control commands: block -1 by 761348 Bug #761353 [security-tracker] security-tracker: remove hardcoding of various data from Debian's apt repositories 761353 was not blocked by any bugs. 761353 was not blocking any bugs. Added blocking bug(s) of 761353: 761348 -- 761353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b.14105956952257.transcr...@bugs.debian.org
Processed: make generated HTML CSS-friendlier
Processing control commands: tags -1 + pending Bug #611163 [security-tracker] make generated HTML CSS-friendlier Added tag(s) pending. -- 611163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b611163.14107327735144.transcr...@bugs.debian.org
Processed: Re: Bug#610220: Show URLs in TODO/NOTE as hyperlinks in the web view
Processing control commands: tags -1 + pending Bug #610220 [security-tracker] Show URLs in TODO/NOTE as hyperlinks in the web view Added tag(s) pending. -- 610220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b610220.141079005825508.transcr...@bugs.debian.org
Bug#611163: marked as done (make generated HTML CSS-friendlier)
Your message dated Mon, 15 Sep 2014 21:31:57 +0200 with message-id 201409152132.42383.hol...@layer-acht.org and subject line Re: Bug#611163: nice css: let there be patches... has caused the Debian Bug report #611163, regarding make generated HTML CSS-friendlier to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 611163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist In order to apply some CSS the generated code needs to be friendlier, for example: * include ids in the tags * use divs instead of tables Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net ---End Message--- ---BeginMessage--- Hi, On Montag, 15. September 2014, Thijs Kinkhorst wrote: Yes, looks good from reading the source. So let's go! alright, we commited the html+css fixes now. \o/ Feedback still welcome! :) cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Processed: #664866 security-tracker: stable-backports not present in CVE and package pages
Processing control commands: tags -1 + pending Bug #664866 [security-tracker] security-tracker: stable-backports not present in CVE and package pages. please add Added tag(s) pending. -- 664866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664866 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b664866.141082122116679.transcr...@bugs.debian.org
Bug#742855: marked as done (security-tracker: tabular view should always be by release order)
Your message dated Tue, 16 Sep 2014 11:17:26 +0200 with message-id 201409161117.27841.hol...@layer-acht.org and subject line also fixed by r28819 has caused the Debian Bug report #742855, regarding security-tracker: tabular view should always be by release order to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 742855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742855 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi Unfortunately the tabular view is not always ordered by release. For example [1] shows in the tablular view: +---++---+++ | Bug | jessie | sid | wheezy | Description | +---++---+++ | CVE-2014-0054 | fixed | fixed | vulnerable | | | CVE-2014-1904 | fixed | fixed | vulnerable | Cross-site scripting (XSS) vulnerability in .. | +---++---+++ but this should be always in the order of the releases preferably. [1] https://security-tracker.debian.org/tracker/source-package/libspring-java Regards, Salvatore ---End Message--- ---BeginMessage--- sibject says it already. signature.asc Description: This is a digitally signed message part. ---End Message---
Processed: the remaining small issue is not really pending
Processing control commands: tags -1 - pending Bug #610220 [security-tracker] url parsing of notes only works with one url per note Removed tag(s) pending. -- 610220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b610220.141086280413064.transcr...@bugs.debian.org
Processed: Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Processing commands for cont...@bugs.debian.org: clone 761730 -1 Bug #761730 [tracker.debian.org] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG Bug 761730 cloned as bug 761859 reassign -1 security-tracker Bug #761859 [tracker.debian.org] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG Bug reassigned from package 'tracker.debian.org' to 'security-tracker'. Ignoring request to alter found versions of bug #761859 to the same values previously set Ignoring request to alter fixed versions of bug #761859 to the same values previously set retitle 761730 tracker.d.o: please provide more detailed information about security issues Bug #761730 [tracker.debian.org] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG Changed Bug title to 'tracker.d.o: please provide more detailed information about security issues' from 'tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG' retitle -1 security-tracker: please provide more information via JSON file for tracker.d.o Bug #761859 [security-tracker] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG Changed Bug title to 'security-tracker: please provide more information via JSON file for tracker.d.o' from 'tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG' block 761730 by -1 Bug #761730 [tracker.debian.org] tracker.d.o: please provide more detailed information about security issues 761730 was not blocked by any bugs. 761730 was not blocking any bugs. Added blocking bug(s) of 761730: 761859 thanks Stopping processing here. Please contact me if you need assistance. -- 761730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761730 761859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761859 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.141086958929656.transcr...@bugs.debian.org
Bug#610220: marked as done (url parsing of notes only works with one url per note)
Your message dated Wed, 17 Sep 2014 16:29:17 +0200 with message-id 201409171629.23598.hol...@layer-acht.org and subject line Re: Bug#610220: turn URLs in notes into hyperlinks has caused the Debian Bug report #610220, regarding url parsing of notes only works with one url per note to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 610220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist NOTE: see http://www.example.com/info.html; should render as NOTE: see a href='http://www.example.com/info.html'codehttp://www.example.com/info.html/code/a or something similar. ---End Message--- ---BeginMessage--- Hi, On Dienstag, 16. September 2014, Holger Levsen wrote: control: tags -1 - pending # rather help is welcome to fix improve the regex as described in the bug log # (see previous mail to the bug) I'm declaring this limitation a well designed feature now: NOTES may include one http:// or https:// URL which will be turned into a so called hyper-link. If you need more than one such link, it is advised to use several notes. r28866 did this split for the existing 12 cases in the database. And so I'm closing this issue now. \o/ cheers, Holger .oO( now we need a VCS hook to enforce this...) signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#479727: marked as done (security-tracker: Show unimportant issues in some way on package overview)
Your message dated Thu, 18 Sep 2014 07:53:49 +0200 with message-id 20140918055349.ga7...@lorien.valinor.li and subject line Re: Bug#479727: security-tracker: Show unimportant issues in some way on package overview has caused the Debian Bug report #479727, regarding security-tracker: Show unimportant issues in some way on package overview to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 479727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479727 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist Hi, Currently, issues marked as unimportant disappear entirely off the radar, which is not a big problem. I think for clarity however it would be better if they were displayed somewhere so users can see we know that such a CVE applies to the package, but we just disregard it. Maybe one of the following options: - Add them between the other CVEs under Open or Resolved, but mark them specifically (e.g.: strike, or gray, ...) - Add a thrid section after Open and Resolved, being Non-issues. cheers, Thijs -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) ---End Message--- ---BeginMessage--- Hi Thijs, I just sumbled ofer #479727 in the BTS. I think this is already resolved since a while, the per package page shows the open unimportant. Closing the bug with this message. Regards, Salvatore---End Message---
Processed (with 5 errors): Re: Bug#761945: security-tracker: link to DLA details from Source field
Processing commands for cont...@bugs.debian.org: clone 761945 -1 -2 Bug #761945 [security-tracker] security-tracker: link to DLA details from Source field Bug 761945 cloned as bugs 762254-762255 reassign -1 debian-www Bug #762254 [security-tracker] security-tracker: link to DLA details from Source field Bug reassigned from package 'security-tracker' to 'debian-www'. Warning: Unknown package 'debian-www' Warning: Unknown package 'debian-www' Ignoring request to alter found versions of bug #762254 to the same values previously set Warning: Unknown package 'debian-www' Warning: Unknown package 'debian-www' Ignoring request to alter fixed versions of bug #762254 to the same values previously set Warning: Unknown package 'debian-www' reassign -2 debian-www Bug #762255 [security-tracker] security-tracker: link to DLA details from Source field Bug reassigned from package 'security-tracker' to 'debian-www'. Warning: Unknown package 'debian-www' Warning: Unknown package 'debian-www' Ignoring request to alter found versions of bug #762255 to the same values previously set Warning: Unknown package 'debian-www' Warning: Unknown package 'debian-www' Ignoring request to alter fixed versions of bug #762255 to the same values previously set Warning: Unknown package 'debian-www' retitle -1 explain LTS on the www.d.o website Bug #762254 [debian-www] security-tracker: link to DLA details from Source field Warning: Unknown package 'debian-www' Changed Bug title to 'explain LTS on the www.d.o website' from 'security-tracker: link to DLA details from Source field' Warning: Unknown package 'debian-www' retitle -2 collect DLAs on www.d.o Bug #762255 [debian-www] security-tracker: link to DLA details from Source field Warning: Unknown package 'debian-www' Changed Bug title to 'collect DLAs on www.d.o' from 'security-tracker: link to DLA details from Source field' Warning: Unknown package 'debian-www' block 761945 -1 Unknown command or malformed arguments to command. block 761945 -2 Unknown command or malformed arguments to command. Hi Paul, Unknown command or malformed arguments to command. thanks for your bug report! Unknown command or malformed arguments to command. On Mittwoch, 17. September 2014, Paul Wise wrote: Unknown command or malformed arguments to command. Too many unknown commands, stopping here. Please contact me if you need assistance. -- 761945: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761945 762254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762254 762255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762255 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.141119638426599.transcr...@bugs.debian.org
Bug#762069: marked as done (security-tracker does not update NVD information anymore)
Your message dated Mon, 22 Sep 2014 19:14:23 +0200 with message-id 20140922171423.GA26721@eldamar.local and subject line Re: Bug#762069: security-tracker does not update NVD information anymore has caused the Debian Bug report #762069, regarding security-tracker does not update NVD information anymore to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 762069: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Tags: confirmed Hi, I'm looking into this problem, but would like to have documented the problem in the BTS. Currently since we switched to fetch information trough https updates of NVD information for the security-tracker does not work anymore. Makefile contains a update-nvd target, which fetches the nvde-$year information via https: wget -q -Odata/nvd/$$name https://nvd.nist.gov/download/$$name ERROR: The certificate of `nvd.nist.gov' is not trusted. ERROR: The certificate of `nvd.nist.gov' hasn't got a known issuer. Solution: We need (as for example also needed for qa's vcs-watch) our own CA store for the security-tracker which is used on soler. Regards, Salvatore ---End Message--- ---BeginMessage--- Hi This is now done by keeping a certificate store for the sectracker user which is the used when fetching the data. Regards, Salvatore---End Message---
Processed: merge
Processing commands for cont...@bugs.debian.org: severity 762288 wishlist Bug #762288 [security-tracker] security-tracker: available versions table is unnecessary Severity set to 'wishlist' from 'normal' merge 761963 762288 Bug #761963 [security-tracker] security-tracker: consolidate vulnerable/fixed per release in overviews Bug #762288 [security-tracker] security-tracker: available versions table is unnecessary Merged 761963 762288 thanks Stopping processing here. Please contact me if you need assistance. -- 761963: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761963 762288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762288 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.141142706226717.transcr...@bugs.debian.org
Processed: user www.debian....@packages.debian.org, forcibly merging 762254 751403, usertagging 751403
Processing commands for cont...@bugs.debian.org: user www.debian@packages.debian.org Setting user to www.debian@packages.debian.org (was taf...@debian.org). forcemerge 762254 751403 Bug #762254 [www.debian.org] explain LTS on the www.d.o website Bug #751403 [www.debian.org] www.debian.org: /News/2014/20140424 missing link how to use squeeze LTS 761945 was blocked by: 762254 762255 761945 was not blocking any bugs. Added blocking bug(s) of 761945: 751403 Merged 751403 762254 usertags 751403 content Usertags were: content news. Usertags are now: content news. thanks Stopping processing here. Please contact me if you need assistance. -- 751403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751403 761945: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761945 762254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762254 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.141158582314426.transcr...@bugs.debian.org
Bug#642987: marked as done (Entries marked as end-of-life should not be displayed as fixed in the web overview)
Your message dated Thu, 25 Sep 2014 09:43:20 +0200 with message-id 201409250943.22087.hol...@layer-acht.org and subject line end-of-life now visible in security tracker has caused the Debian Bug report #642987, regarding Entries marked as end-of-life should not be displayed as fixed in the web overview to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 642987: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642987 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal end-of-life is used to mark a package as no longer supported in an otherwise supported release. Such entries are currently displayed as fixed in the issue overview, e.g.: http://security-tracker.debian.org/tracker/CVE-2010-3908. The web overview should rather show end-of-life instead of fixed. Cheers, Moritz ---End Message--- ---BeginMessage--- Hi, subject says it all. cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#763074: marked as done (security-tracker: DSA-3037-1 vs. tracker)
Your message dated Sat, 27 Sep 2014 19:37:16 +0200 with message-id 20140927173716.GA29078@eldamar.local and subject line Re: Bug#763074: security-tracker: DSA-3037-1 vs. tracker has caused the Debian Bug report #763074, regarding security-tracker: DSA-3037-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 763074: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763074 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all! I am under the impression that DSA-3037-1 [1] has a typo in the version that fixes CVE-2014-1568 for stable. The correct version number seems [2] to be 24.8.1-1~deb7u1 (even though the changelog seems to have a typo in the CVE number: it's CVE-2014-1568, not CVE-2024-1568!). The tracker reflects the DSA [3]: please fix the tracker data! Thanks for your time (and for the significant improvements that the tracker has recently had!). [1] https://lists.debian.org/debian-security-announce/2014/msg00225.html [2] https://tracker.debian.org/media/packages/i/icedove/changelog-24.8.1-1~deb7u1 [3] https://security-tracker.debian.org/tracker/DSA-3037-1 ---End Message--- ---BeginMessage--- Hi Francesco, On Sat, Sep 27, 2014 at 07:13:35PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi all! I am under the impression that DSA-3037-1 [1] has a typo in the version that fixes CVE-2014-1568 for stable. The correct version number seems [2] to be 24.8.1-1~deb7u1 (even though the changelog seems to have a typo in the CVE number: it's CVE-2014-1568, not CVE-2024-1568!). The tracker reflects the DSA [3]: please fix the tracker data! Thanks for your time (and for the significant improvements that the tracker has recently had!). Thanks for spotting this! I have corrected the version for the icedove DSA. Regards, Salvatore---End Message---
Bug#761889: marked as done (decide about desired ordering of releases and issues)
Your message dated Fri, 3 Oct 2014 09:47:43 +0200 with message-id 201410030947.45335.hol...@layer-acht.org and subject line Re: Bug#761889: decide about desired ordering of releases and issues has caused the Debian Bug report #761889, regarding decide about desired ordering of releases and issues to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 761889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761889 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- package: security-tracker Hi, the ordering of the releases (sid, jessie, wheezy...) and issues (open and resolved CVEs, DSAs, etc) is not consistent in the tracker web ui (and was undeterministic in parts). So what do we have, there are basically two views: package-centric, like https://security-tracker.debian.org/tracker/source- package/bind9 and issue-centric, like https://security- tracker.debian.org/tracker/CVE-2014-0591 Both list the releases in their page header, the issue-view lists oldest release on top, the package view is undeterministic (aka buggy, compare bind9 vs linux). So that issue #1. The issue-view then lists affected releases, also with oldest release on top. Then it lists releases with fixed versions, with the newest releases on top - no, actually unsorted. So thats #2 So that should probably be fixed to also list the oldest release on top. Agreed? Then, the package view lists releases in the open issues table, with the oldest on the left. So except for this one issue, the releases are ordered consistently now. Second question: is that the prefered ordering, or should newer release be on the left/top? That's #3 even though it's just a question, thats one of the main questions to decide here! The second main question is the issue ordering: In the issue view, open issues, open unimportant issues and resolved issues are all sorted with the oldest on top. Security annoncements are sorted with the newest on top. I think it's rather clear, that resolved issues should be sorted with oldest at bottom, like the announcements. Thats #4. Debatable (but sadly so far only debated between Salvatore and me) is whether to list newer open (unimportant) issues on top or at the bottom. Salvatores argues that currently it's easier to see what old issues havent been handled, while my arguing is that new issues should be easier to see, as old ones are probably known already anyway. This is #5 for the team to decide :-) I can fix #1+#2 to make the ordering deterministic, but the team should really decide on #3-5. Are there regular irc meetings where this could happen? Or else, how? cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Hi, On Dienstag, 16. September 2014, Holger Levsen wrote: the ordering of the releases (sid, jessie, wheezy...) and issues (open and resolved CVEs, DSAs, etc) is not consistent in the tracker web ui (and was undeterministic in parts). So what do we have, there are basically two views: [...] I can fix #1+#2 to make the ordering deterministic, but the team should really decide on #3-5. Are there regular irc meetings where this could happen? Or else, how? I now applied and activated a patch which sorts them now in deterministic order, in the way I think is sensible. Please speak up if you think that's not useful. (Next, besides fixing backports support is to add switches to in+exclude suites on demand everywhere.) cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#764091: marked as done (security-tracker: CVE overview does not sort group anymore by Source Package when one CVE affects multiple source packages)
Your message dated Mon, 6 Oct 2014 15:51:19 +0200 with message-id 201410061551.26432.hol...@layer-acht.org and subject line Re: Bug#764091: security-tracker: CVE overview does not sort group anymore by Source Package when one CVE affects multiple source packages has caused the Debian Bug report #764091, regarding security-tracker: CVE overview does not sort group anymore by Source Package when one CVE affects multiple source packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 764091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764091 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi After the changes in #761889 when a CVE affects multiple source packages the vulnerable and fixed packages the table sorts only by release. So now for example CVE-2014-0207 shows: Source Package Release Version Status file (PTS) squeeze (security), squeeze 5.04-5+squeeze5 vulnerable php5 (PTS) squeeze (security), squeeze 5.3.3-7+squeeze19 vulnerable file (PTS) squeeze (lts) 5.04-5+squeeze7 fixed php5 (PTS) squeeze (lts) 5.3.3-7+squeeze22 fixed file (PTS) wheezy 5.11-2+deb7u3 vulnerable php5 (PTS) wheezy 5.4.4-14+deb7u11 vulnerable file (PTS) wheezy (security) 5.11-2+deb7u5 fixed php5 (PTS) wheezy (security) 5.4.4-14+deb7u14 fixed file (PTS) jessie, sid 1:5.19-2 fixed php5 (PTS) jessie, sid 5.6.0+dfsg-16 fixed Please have the table first group again by source package and then within this table sort by release, like: Source Package Release Version Status file (PTS) squeeze, squeeze (security) 5.04-5+squeeze5 vulnerable squeeze (lts) 5.04-5+squeeze7 fixed wheezy 5.11-2+deb7u3 vulnerable wheezy (security) 5.11-2+deb7u5 fixed jessie, sid 1:5.19-2 fixed php5 (PTS) squeeze, squeeze (security) 5.3.3-7+squeeze19 vulnerable squeeze (lts) 5.3.3-7+squeeze21 fixed wheezy 5.4.4-14+deb7u11 vulnerable wheezy (security) 5.4.4-14+deb7u14 fixed jessie, sid 5.6.0+dfsg-1 fixed Regards, Salvatore ---End Message--- ---BeginMessage--- Hi Salvatore, On Sonntag, 5. Oktober 2014, Salvatore Bonaccorso wrote: After the changes in #761889 when a CVE affects multiple source packages the vulnerable and fixed packages the table sorts only by release. So now for example CVE-2014-0207 shows: Please have the table first group again by source package and then within this table sort by release, like: thanks for the very understandable bugreport, fixed in git/svn and deployed to the tracker! cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#766412: marked as done (security-tracker: DSA-3049-1 vs. tracker)
Your message dated Thu, 23 Oct 2014 09:00:07 +0200 with message-id 20141023070007.ga21...@lorien.valinor.li and subject line Re: Bug#766412: security-tracker: DSA-3049-1 vs. tracker has caused the Debian Bug report #766412, regarding security-tracker: DSA-3049-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 766412: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello everybody! DSA-3049-1 [1] states that several vulnerabilities are fixed in sid and jessie by wireshark/1.12.1+g01b65bf-1, but the tracker [2] seems to disagree for CVE-2014-6422 (which is claimed to still affect both sid and jessie). [1] https://lists.debian.org/debian-security-announce/2014/msg00236.html [2] https://security-tracker.debian.org/tracker/CVE-2014-6422 Please update the tracker data. Thanks for your time! Bye. ---End Message--- ---BeginMessage--- Hi Francesco, On Wed, Oct 22, 2014 at 11:38:21PM +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello everybody! DSA-3049-1 [1] states that several vulnerabilities are fixed in sid and jessie by wireshark/1.12.1+g01b65bf-1, but the tracker [2] seems to disagree for CVE-2014-6422 (which is claimed to still affect both sid and jessie). [1] https://lists.debian.org/debian-security-announce/2014/msg00236.html [2] https://security-tracker.debian.org/tracker/CVE-2014-6422 Please update the tracker data. The reason this entry was not updated so far lies in the TODO entry in the tracker, for the issue to be checked: TODO: check, 1.12 series possibly not affected (only 1.10.0 to 1.10.9) This was needed to be checked before, if it affects 1.12 at all, since advisory mentioned only the 1.10 series. I just quickly checked version 1.12.1+g01b65bf-1 in unstable which seems to contain the fix. Indeed it was even fixed in 1.11.3 upstream, so marking the tracker with the first version in unstable containing the fix (1.12.0+git+4fab41a1-1). Thank you for noticing the incositency. Regards, Salvatore---End Message---
Bug#767654: marked as done (security-tracker: DSA-3061-1 vs. tracker)
Your message dated Sun, 2 Nov 2014 15:28:40 +0100 with message-id 20141102142840.GA2454@eldamar.local and subject line Re: Bug#767654: security-tracker: DSA-3061-1 vs. tracker has caused the Debian Bug report #767654, regarding security-tracker: DSA-3061-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 767654: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767654 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all! DSA-3061-1 [1] states that several vulnerabilities are fixed in sid by icedove/31.2.0-1, but the tracker [2] seems to disagree (claiming that sid is still unfixed). [1] https://lists.debian.org/debian-security-announce/2014/msg00249.html [2] https://security-tracker.debian.org/tracker/DSA-3061-1 Please update the tracker data. Thanks for your time! Bye. ---End Message--- ---BeginMessage--- Hi Francesco, On Sat, Nov 01, 2014 at 06:32:03PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi all! DSA-3061-1 [1] states that several vulnerabilities are fixed in sid by icedove/31.2.0-1, but the tracker [2] seems to disagree (claiming that sid is still unfixed). [1] https://lists.debian.org/debian-security-announce/2014/msg00249.html [2] https://security-tracker.debian.org/tracker/DSA-3061-1 Please update the tracker data. Thanks for your time! Thanks too! I have fixed the tracker information now. Regards, Salvtore---End Message---
Processed: Re: Bug#767654: security-tracker: DSA-3061-1 vs. tracker
Processing control commands:
reopen -1
Bug #767654 {Done: Salvatore Bonaccorso car...@debian.org} [security-tracker]
security-tracker: DSA-3061-1 vs. tracker
Bug reopened
Ignoring request to alter fixed versions of bug #767654 to the same values
previously set
--
767654: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767654
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/handler.s.b767654.14149505546364.transcr...@bugs.debian.org
Bug#772775: marked as done (security-tracker: DSA-3095-1 vs. tracker)
Your message dated Thu, 11 Dec 2014 05:16:22 +0100 with message-id 20141211041622.GA17564@eldamar.local and subject line Re: Bug#772775: security-tracker: DSA-3095-1 vs. tracker has caused the Debian Bug report #772775, regarding security-tracker: DSA-3095-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772775 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! It seems to me that DSA-3095-1 [1] lacks an epoch in the stable fixed version. The tracker reflects the DSA [2]: please fix the tracker data! Thanks for your time. [1] https://lists.debian.org/debian-security-announce/2014/msg00285.html [2] https://security-tracker.debian.org/tracker/DSA-3095-1 ---End Message--- ---BeginMessage--- Hello Francesco, On Wed, Dec 10, 2014 at 11:59:40PM +0100, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! It seems to me that DSA-3095-1 [1] lacks an epoch in the stable fixed version. The tracker reflects the DSA [2]: please fix the tracker data! Thanks for your time. Thanks! Fixed now. Regards, Salvatore---End Message---
Processed: please also mention SUAs on www.debian.org
Processing commands for cont...@bugs.debian.org: clone 762255 -1 Bug #762255 [www.debian.org] collect DLAs on www.d.o Bug 762255 cloned as bug 772822 772822 was not blocked by any bugs. 772822 was blocking: 761945 Added blocking bug(s) of 772822: 761945 retitle -1 please also mention SUAs and d-s-a@l.d.o on .debian.org Bug #772822 [www.debian.org] collect DLAs on www.d.o Changed Bug title to 'please also mention SUAs and d-s-a@l.d.o on .debian.org' from 'collect DLAs on www.d.o' thanks Stopping processing here. Please contact me if you need assistance. -- 762255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762255 772822: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772822 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.c.14183025134965.transcr...@bugs.debian.org
Bug#773100: marked as done (security-tracker: DSA-3100-1 vs. tracker)
Your message dated Sun, 14 Dec 2014 11:56:32 +0100 with message-id 201412141156.39452.hol...@layer-acht.org and subject line Re: Bug#773100: security-tracker: DSA-3100-1 vs. tracker has caused the Debian Bug report #773100, regarding security-tracker: DSA-3100-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773100: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773100 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi all! DSA-3100-1 [1] seems to lack an epoch in the stable fixed version. The tracker reflects the DSA [2]: please fix the tracker data! Thanks for your time. [1] https://lists.debian.org/debian-security-announce/2014/msg00290.html [2] https://security-tracker.debian.org/tracker/DSA-3100-1 ---End Message--- ---BeginMessage--- On Sonntag, 14. Dezember 2014, Francesco Poli (wintermute) wrote: DSA-3100-1 [1] seems to lack an epoch in the stable fixed version. The tracker reflects the DSA [2]: please fix the tracker data! fixed in git^wsvn, thanks! signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#772927: marked as done (security-tracker: please link source package names the corresponding tracker web page)
Your message dated Mon, 15 Dec 2014 20:45:32 +0100 with message-id 201412152045.45238.hol...@layer-acht.org and subject line Re: Bug#772927: security-tracker: please link source package names the corresponding tracker web page has caused the Debian Bug report #772927, regarding security-tracker: please link source package names the corresponding tracker web page to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772927: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772927 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: wishlist Hello, I would like to have links in the Package column on by-release overview pages (e.g. https://security-tracker.debian.org/tracker/status/release/oldstable) and the links should point to the corresponding by-source package overview page (e.g. https://security-tracker.debian.org/tracker/source-package/binutils). Thank you! -- System Information: Debian Release: 8.0 APT prefers squeeze-lts APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) ---End Message--- ---BeginMessage--- Hi Raphaël, On Freitag, 12. Dezember 2014, Raphaël Hertzog wrote: I would like to have links in the Package column on by-release overview pages (e.g. https://security-tracker.debian.org/tracker/status/release/oldstable) and the links should point to the corresponding by-source package overview page (e.g. https://security-tracker.debian.org/tracker/source-package/binutils). thanks for the bug report, I want(ed) this too and have implemented and deployed this now. cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#773298: marked as done (security-tracker: DLA-112-1 miscrepancy)
Your message dated Tue, 16 Dec 2014 20:15:05 +0100 with message-id 201412162015.17720.hol...@layer-acht.org and subject line Re: Bug#773298: security-tracker: DLA-112-1 miscrepancy has caused the Debian Bug report #773298, regarding security-tracker: DLA-112-1 miscrepancy to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773298 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Dear Maintainer, https://security-tracker.debian.org/tracker/DLA-112-1 and https://security-tracker.debian.org/tracker/CVE-2014-8500 show the issue fixed in bind9 version 1:9.7.3.dfsg-1~squeeze11 while it's only fixed in squeeze-lts, 1:9.7.3.dfsg-1~squeeze13 1:9.7.3.dfsg-1~squeeze11 present in squeeze and squeeze-security repos ought to show as vulnerable. Regards, Zoran ---End Message--- ---BeginMessage--- Hi Zoran, On Dienstag, 16. Dezember 2014, Zoran Dželajlija wrote: https://security-tracker.debian.org/tracker/DLA-112-1 and https://security-tracker.debian.org/tracker/CVE-2014-8500 show the issue fixed in bind9 version 1:9.7.3.dfsg-1~squeeze11 while it's only fixed in squeeze-lts, 1:9.7.3.dfsg-1~squeeze13 thanks for your bugreport, I've just commited a fix- [20:14]KGB-2 | holger r30783 data/ DLA/list CVE/list [20:14] KGB-2 mark CVE-2014-8500 correctly fixed in bind9 version 1:9.7.3.dfsg-1~squeeze13, thanks to Zoran and Raphael cheers, Holger signature.asc Description: This is a digitally signed message part. ---End Message---
Bug#773322: marked as done (security-tracker: DSA-3104-1 vs. tracker)
Your message dated Wed, 17 Dec 2014 16:19:23 +0100 with message-id 20141217151923.ga19...@home.ouaza.com and subject line Re: Bug#773322: security-tracker: DSA-3104-1 vs. tracker has caused the Debian Bug report #773322, regarding security-tracker: DSA-3104-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773322: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773322 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! DSA-3104-1 [1] states, in part: | An older security vulnerability, CVE-2004-2771, had already | been addressed in the Debian's bsd-mailx package. However, the tracker [2] seems to disagree, as it claims that all versions of bsd-mailx in Debian are currently vulnerable... I think the problem is an extra epoch in the (unstable) fixed version for bsd-mailx: this time the epoch is in the tracker data, but not in the actual package versions (contrary to the usual missing epoch issues that I frequently spot!). Please fix the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2014/msg00294.html [2] https://security-tracker.debian.org/tracker/CVE-2004-2771 ---End Message--- ---BeginMessage--- Hi, On Tue, 16 Dec 2014, Francesco Poli (wintermute) wrote: | An older security vulnerability, CVE-2004-2771, had already | been addressed in the Debian's bsd-mailx package. However, the tracker [2] seems to disagree, as it claims that all versions of bsd-mailx in Debian are currently vulnerable... I think the problem is an extra epoch in the (unstable) fixed version for bsd-mailx: this time the epoch is in the tracker data, but not in the actual package versions (contrary to the usual missing epoch issues that I frequently spot!). That's right. The bug has been fixed in mailx 1:8.1.2-0.20040524cvs-2 but when the source package has been renamed to bsd-mailx, the epoch has been dropped so we should drop it too in the fixed version in the CVE tracker. Fix committed. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/---End Message---
