Package: security-tracker
Severity: normal
Hi!
It seems that there's no tracker page [1] for DSA-2313-1 [2], yet.
Please update the tracker data.
Thanks for your time.
[1] http://security-tracker.debian.org/tracker/DSA-2313-1
[2]
Package: security-tracker
Severity: normal
Hi,
DSA-2324-1 [1] states that wireshark/1.6.2-1 fixes CVE-2011-3360
in sid.
However, the tracker page for the CVE [2] seems to ignore this
fact.
Assuming the DSA is correct, please update the tracker data.
Thanks for your time.
[1]
Package: security-tracker
Severity: normal
Hi!
There seem to be no tracker pages [1][2] for DSA-2372-1 [3] or for
DSA-2373-1 [4].
Please update the tracker data.
Thanks for your time!
[1] http://security-tracker.debian.org/tracker/DSA-2372-1
[2]
Package: security-tracker
Severity: normal
Hi!
The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
vulnerable in wheezy and sid, while the DSA [2] claims that all the
CVEs are fixed in wheezy and sid by
Package: security-tracker
Severity: normal
Hello!
The tracker page [1] for DSA-2394-1 [2] seems to be almost empty.
Please fix the tracker data.
Thanks for your time!
[1] http://security-tracker.debian.org/tracker/DSA-2394-1
[2]
Package: security-tracker
Severity: normal
Hello!
DSA-2401-1 [1] claims that a number of referenced vulnerabilities
are fixed in sid by tomcat6/6.0.35-1
However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3])
out of the 10 referenced ones are shown as not fixed in sid and wheezy
Package: security-tracker
Severity: normal
Hello,
DSA-2453-1 [1] states that three vulnerabilities are fixed in
wheezy and sid by gajim/0.15-1, but the tracker seems to disagree
regarding CVE-2012-2093 [2], which is still considered as unfixed
in gajim/0.15-1 ...
Please update the tracker data,
Package: security-tracker
Severity: normal
Hello everybody!
DSA-2503-1 [1] states that CVE-2012-3366 is fixed in sid by
bcfg2/1.2.2-2, but the tracker [2] seems to disagree.
I think that the DSA is probably right, since the BTS seems to
tell the same story [3].
Please update the tracker data.
Package: security-tracker
Severity: normal
Hi!
DSA-2511-1 [1] says that CVE-2012-386[4-7] are fixed in sid by
puppet/2.7.18-1, but the tracker seems to disagree [2].
I suppose the DSA is right: if this is the case, please update
the tracker data.
Thanks for your time!
[1]
Package: security-tracker
Severity: normal
Hello!
DSA-2520-1 [1] and the corresponding tracker page [2] state that
CVE-2012-2665 has been fixed in stable by
openoffice.org/3.2.1-11+squeeze7.
I believe that an epoch is missing, since the version number
of the openoffice.org package currently in
Package: security-tracker
Severity: normal
Hi!
DSA-2519-2 has been issued [1], stating that the previously
announced security patches were not really applied to
isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed
in isc-dhcp/4.1.1-P1-15+squeeze6.
[1]
Package: security-tracker
Severity: normal
Hello!
DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be
still unaware of it.
Please update the tracker data.
Thanks for your time!
[1] https://lists.debian.org/debian-security-announce/2012/msg00162.html
[2]
Package: security-tracker
Severity: normal
Hello,
DSA-2531-1 has been recently issued [1], but the corresponding tracker
page [2] is basically empty.
Please update the tracker data.
Thanks for your time!
[1] https://lists.debian.org/debian-security-announce/2012/msg00172.html
[2]
Package: security-tracker
Severity: normal
Hello,
DSA-2533-1 [1] states that four vulnerabilities are fixed in sid
by pcp/3.6.5
The tracker [2][3][4][5] seems to disagree.
Please update the tracker data.
Thanks for your time!
[1]
Package: security-tracker
Severity: normal
Hi all,
DSA-2559-1 [1] was issued, but the tracker seems to know nothing
about it [2] yet.
Please update the tracker data.
Thanks for your time!
[1] https://lists.debian.org/debian-security-announce/2012/msg00203.html
[2]
Package: security-tracker
Severity: normal
Hello,
although DSA-2578-1 [1] has been recently issued, the tracker
still seems to be unaware of it [2].
Please update the tracker data.
Thanks!
[1] https://lists.debian.org/debian-security-announce/2012/msg00221.html
[2]
Package: security-tracker
Severity: normal
Hi all,
DSA-2614-1 [1] and DSA-2615-1 [2] state that several vulnerabilities
have been fixed in sid by libupnp/1:1.6.17-1.2 and by
libupnp4/1.8.0~svn20100507-1.2 .
However, the tracker seems to disagree [3][4][5][6][7][8][9][10]
(it still claims that
Package: security-tracker
Severity: normal
Hello,
it seems to me that an epoch is missing from the squeeze fixed version
of package ircd-hybrid in the tracker page [1] for DSA-2618-1 [2].
Please fix the tracker data.
Thanks for your time!
[1]
Package: security-tracker
Severity: normal
Hello,
DSA-2692-1 [1] says that CVE-2013-2001 has been fixed for sid in
libxxf86vm/1:1.1.2-1+deb7u1 .
On the other hand, the tracker [2] seems to disagree: it currently
claims that the fixed version for unstable is 2:1.1.3-2+deb7u1 ...
Is that a typo?
Package: security-tracker
Severity: normal
Hello again,
there seems to be no tracker page [1] for DSA-2694-1 [2].
Please update the tracker data.
Thanks again for your time!
[1] https://security-tracker.debian.org/tracker/DSA-2694-1
[2]
Package: security-tracker
Severity: important
Hello everybody.
I've just noticed that some release pages no longer work and return
a Proxy Error instead.
For instance:
https://security-tracker.debian.org/tracker/status/release/unstable?show_undetermined_urgency=1
currently displays:
| Proxy
Package: security-tracker
Severity: normal
Hi,
DSA-2722-1 [1] says that many vulnerabilities have been fixed for
sid in openjdk-7/7u25-2.3.10-1 .
The tracker seems to agree for all the vulnerabilities but CVE-2013-2454,
which is claimed to be still present in sid [2].
Is that an oversight?
Package: security-tracker
Severity: normal
Hello everybody,
it seems to me that there is no tracker page [1] for DSA-2728-1 [2].
Please update the tracker.
Thanks for your time.
[1] https://security-tracker.debian.org/tracker/DSA-2728-1
[2]
Package: security-tracker
Severity: normal
Hi all,
it seems to me that there's a missing epoch in the wheezy fixed version
of asterisk for DSA-2749-1 [1][2].
[1] https://lists.debian.org/debian-security-announce/2013/msg00160.html
[2] https://security-tracker.debian.org/tracker/DSA-2749-1
Package: security-tracker
Severity: normal
Hi all!
It seems to me that the squeeze and wheezy fixed versions of
xorg-server are missing an epoch in DSA-2822-1 [1][2].
[1] https://lists.debian.org/debian-security-announce/2013/msg00236.html
[2]
Package: security-tracker
Severity: normal
Hello everybody,
DSA-2846-1 [1] says that two vulnerabilities have been fixed in sid
by libvirt/1.2.1-1 .
The tracker seems to agree for CVE-2014-1447, but not for
CVE-2013-6458, which is claimed to be still present in sid [2].
I think the tracker data
Package: security-tracker
Severity: normal
Hello,
DSA-2856-1 [1] states that CVE-2014-0050 is fixed in oldstable and
stable security updates for libcommons-fileupload-java.
[1] https://lists.debian.org/debian-security-announce/2014/msg00026.html
The tracker seems to agree on its DSA page [2],
Package: security-tracker
Severity: normal
Hello all,
DSA-2858-1 [1] states that several vulnerabilities have been fixed
in sid by iceweasel/24.3.0esr-1, but the tracker disagrees for
two of them [2][3] (the tracker claims that sid is still vulnerable).
[1]
Package: security-tracker
Severity: normal
Hello!
The tracker data [1] for DSA-2891-1 [2] seems to miss an epoch for the
wheezy fixed version of package mediawiki.
[1] https://security-tracker.debian.org/tracker/DSA-2891-1
[2] https://lists.debian.org/debian-security-announce/2014/msg00064.html
Package: security-tracker
Severity: normal
Hello again!
The tracker data [1] for DSA-2893-1 [2] seems to miss an epoch for both
fixed versions of package openswan.
[1] https://security-tracker.debian.org/tracker/DSA-2893-1
[2] https://lists.debian.org/debian-security-announce/2014/msg00067.html
Package: security-tracker
Severity: normal
Hello all!
It seems to me that the tracker data [1] for DSA-2935-1 [2] misses
an epoch in the wheezy fixed version of package libgadu.
[1] https://security-tracker.debian.org/tracker/DSA-2935-1
[2]
Package: security-tracker
Severity: normal
Hello everybody!
DSA-2962-1 [1] states that CVE-2014-1545 is fixed in sid by
nspr/2:4.10.6-1, but the tracker [2] seems to disagree (it currenctly
claims that sid is still vulnerable).
[1]
Package: security-tracker
Severity: normal
Hi all!
DSA-2986-1 [1] states that a number of vulnerabilities are fixed in sid
by iceweasel/31.0-1, but the tracker [2] seems to disagree for
CVE-2014-1544 (which is claimed to still affect sid).
[1]
Package: security-tracker
Severity: normal
Hi all!
DSA-3061-1 [1] states that several vulnerabilities are fixed in sid
by icedove/31.2.0-1, but the tracker [2] seems to disagree (claiming
that sid is still unfixed).
[1] https://lists.debian.org/debian-security-announce/2014/msg00249.html
[2]
Package: security-tracker
Severity: important
Hello everybody!
I have been experiencing frequent issues with the web interface of the
security tracker for some weeks and I am still experiencing them:
when visiting the tracker pages [1], I often get the following error
message in my browser:
|
Package: security-tracker
Severity: normal
Hello!
It seems to me that DSA-3095-1 [1] lacks an epoch in the stable fixed
version.
The tracker reflects the DSA [2]: please fix the tracker data!
Thanks for your time.
[1] https://lists.debian.org/debian-security-announce/2014/msg00285.html
[2]
Package: security-tracker
Severity: normal
Hi all!
DSA-3100-1 [1] seems to lack an epoch in the stable fixed version.
The tracker reflects the DSA [2]: please fix the tracker data!
Thanks for your time.
[1] https://lists.debian.org/debian-security-announce/2014/msg00290.html
[2]
Package: security-tracker
Severity: normal
Hello!
DSA-3104-1 [1] states, in part:
| An older security vulnerability, CVE-2004-2771, had already
| been addressed in the Debian's bsd-mailx package.
However, the tracker [2] seems to disagree, as it claims that
all versions of bsd-mailx in
Package: security-tracker
Severity: normal
Hi again,
DSA-3156-1 [1] states that CVE-2013-6933 is fixed in wheezy by
vlc/2.0.3-5+deb7u2+b1 and mplayer/2:1.0~rc4.dfsg1+svn34540-1+deb7u1 .
The CVE tracker page [2] seems to be unaware of these two fixed
versions for vlc and mplayer.
I don't know
Package: security-tracker
Severity: normal
Hello everybody,
there seems to be something weird going on.
The tracker page [1] for DSA-3155-1 [2] looks OK: it states
that the vulnerabilities are fixed in wheezy by
postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself).
On the other
Package: security-tracker
Severity: normal
Hello,
the tracker page [1] for DSA-3146-1 [2] seems to lack the links to
the relevant CVEs [3][4].
Please update the tracker data.
Thanks for your time.
[1] https://security-tracker.debian.org/tracker/DSA-3146-1
[2]
Package: security-tracker
Severity: normal
Hello everybody,
the tracker page [1] for DSA-3139-1 [2] seems to lack the link to
CVE-2014-3609 [3].
Please fix the tracker data.
Thanks for your time!
[1] https://security-tracker.debian.org/tracker/DSA-3139-1
[2]
Package: security-tracker
Severity: normal
Hello!
DSA-3290-1 [1] states that CVE-2015-3636 is fixed in
linux/3.16.7-ckt11-1, but the tracker shows somewhat
self-inconsistent information about this vulnerability [2],
claiming that linux/3.16.7-ckt11-1 is fixed in jessie,
but vulnerable in
Package: security-tracker
Severity: normal
Hello!
There seems to be no tracker page [1] for DSA-3288-1 [2], yet.
Please update the tracker data.
Thanks for your time!
[1] https://security-tracker.debian.org/tracker/DSA-3288-1
[2]
Package: security-tracker
Severity: normal
Hello everybody!
DSA-3381-1 [1] states that several vulnerabilities are fixed in
openjdk-7/7u85-2.6.1-5 for sid, but the tracker [2] claims that many
of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 .
Is that a typo in the DSA or should
Package: security-tracker
Severity: normal
Hi everybody!
The tracker pages [1][2] for DSA-3306-1 [3] and DSA-3307-1 [4]
do not seem to be linked with CVE-2015-1868 [5], which,
according to the tracker, seems to be fixed everywhere,
while the DSAs [3][4] seem to disagree.
Please fix the tracker
Package: security-tracker
Severity: normal
Hi everyone!
DSA-3464-1 [1] states that several vulnerabilities are fixed in
rails/2:4.2.5.1-1 for sid, but the tracker claims that two of
them [2][3] are still unfixed in sid.
Is the DSA wrong or should the tracker data be updated?
Please clarify,
Package: security-tracker
Severity: normal
Hello!
According to [DSA-4259-1], ruby2.3/2.3.3-1+deb9u3 fixes a number of
vulnerabilities, among which CVE-2017-17405, CVE-2017-17742,
CVE-2017-17790, and CVE-2018-6914.
However, the tracker pages for [CVE-2017-17405], [CVE-2017-17742],
Package: security-tracker
Severity: normal
Hello everyone!
According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes
CVE-2017-17689 in stretch (security), among other vulnerabilities.
However the tracker page for [CVE-2017-17689] seems to disagree,
while, on the other hand, referencing bug
Package: security-tracker
Severity: normal
Hello everyone!
According to [DSA-4595-1], CVE-2019-3467 is fixed in debian-lan-config
for stretch and buster.
However, the tracker [CVE page] does not seem to be linked to the
[DSA page], thus failing to show the correct fixed versions for
Package: security-tracker
Severity: normal
Hi all!
I noticed that the tracker page for [CVE-2020-11565] fails to display
and returns the following error:
| Proxy Error
|
| The proxy server received an invalid response from an upstream server.
| The proxy server could not handle the request
|
Package: security-tracker
Severity: normal
Hello everyone!
According to [DSA-4917-1], a number of CVEs are fixed in chromium
for buster: CVE-2021-30506 รท CVE-2021-30520.
The tracker [DSA page] agrees on that, but also refers to
[CVE-2021-3051], which is not mentioned in the DSA.
[DSA-4917-1]:
Package: security-tracker
Severity: normal
Hi everyone!
In [DSA-4957-1], a number of CVEs are listed as fixed in trafficserver
for buster: CVE-2021-27577 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474
CVE-2021-32565 .
However, the last one [CVE-2021-32565] is not present in the
corresponding [DSA
53 matches
Mail list logo