On Mon, Aug 10, 2009 at 09:35:17PM +0200, Nico Golde wrote: > Hi, > * Michael S. Gilbert <[email protected]> [2009-08-10 21:14]: > > On Mon, 10 Aug 2009 18:58:17 +0000, Nico Golde wrote: > [...] > > > CVE-2009-2414 [libxml2 stack recursion] > > > RESERVED > > > - libxml2 <unfixed> (medium; bug #540865) > > > - [etch] - libxml <unfixed> > > > + [lenny] - libxml <removed> > > > > i still don't think this is what you're trying to get at. you want to > > mark it is removed from unstable, which will automatically also mark > > it removed from lenny. > > No, why should it remove it as removed from lenny as well in > this case? > > > then you want to do something special for etch, and i think your intent > > is a no-dsa? > > Not sure yet. > > > or if you don't want to do that, you can not add an etch > > entry, and it will be tracked as affected. > > So my current intention is to mark lenny as not containing > libxml and since thsi will be tracked upwards unless marked > as unfixed in unstable this should mark unstable as not > containing libxml as well but etch as unfixed.
Just use: libxml2 <unfixed> (medium; bug #540865) libxml <removed> The tracker knows which source package is present in which suite. If a package is marked as <removed> in unstable it is automatically marked as unfixed for all the suite it still remains in. (It would be nice if anyone could add this to the introductory explanation document.) Cheers, Moritz _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
