[Secure-testing-team] reliability of oldstable data
Stefan Fritsch
sf at sfritsch.de
Mon Dec 19 16:56:53 UTC 2005
Hi,
On Sunday 18 December 2005 13:21, Moritz Muehlenhoff wrote:
> note in narrative-introduction that oldstable is now fully
> supported
this is not really true. AIUI, when we checked the old CVEs last year,
we did not check whether versions in woody were affected. In many
cases this would have meant a lot of work (when the version in an
advisory was a lot newer than the woody version). Most of these cases
should appear in the tracker nonetheless, but some do not (e.g.
package removed or renamed between woody and sarge). So the oldstable
information has to be considered incomplete (btw, this is already
stated on the tracker page).
BTW, one case that should be in the tracker but is not:
stunnel #278942 CVE-2003-0740
What is wrong here?
Cheers,
Stefan
More information about the Secure-testing-team
mailing list