On Tue, 11 Aug 2009 19:07:06 +0200, Moritz Muehlenhoff wrote: > On Mon, Aug 10, 2009 at 09:35:17PM +0200, Nico Golde wrote: > > Hi, > > * Michael S. Gilbert <[email protected]> [2009-08-10 21:14]: > > > On Mon, 10 Aug 2009 18:58:17 +0000, Nico Golde wrote: > > [...] > > > > CVE-2009-2414 [libxml2 stack recursion] > > > > RESERVED > > > > - libxml2 <unfixed> (medium; bug #540865) > > > > - [etch] - libxml <unfixed> > > > > + [lenny] - libxml <removed> > > > > > > i still don't think this is what you're trying to get at. you want to > > > mark it is removed from unstable, which will automatically also mark > > > it removed from lenny. > > > > No, why should it remove it as removed from lenny as well in > > this case? > > > > > then you want to do something special for etch, and i think your intent > > > is a no-dsa? > > > > Not sure yet. > > > > > or if you don't want to do that, you can not add an etch > > > entry, and it will be tracked as affected. > > > > So my current intention is to mark lenny as not containing > > libxml and since thsi will be tracked upwards unless marked > > as unfixed in unstable this should mark unstable as not > > containing libxml as well but etch as unfixed. > > Just use: > libxml2 <unfixed> (medium; bug #540865) > libxml <removed>
i helped Nico to do exactly this yesterday. > The tracker knows which source package is present in which > suite. If a package is marked as <removed> in unstable it is > automatically marked as unfixed for all the suite it still > remains in. > > (It would be nice if anyone could add this to the introductory > explanation document.) if i find the time, i will. mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
