[Secure-testing-team] Re: [Secure-testing-commits] r476 - sarge-checks/CAN
Joey Hess
joey at kitenet.net
Wed Feb 23 22:24:07 UTC 2005
Djoume SALVETTI wrote:
> Le mercredi 02/23/05 Joey Hess <joeyh at costa.debian.org> a écrit :
> > CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
> > - NOTE: not-for-us (Squiggle for Batik)
> > + - libbatik-java (unfixed; bug #288009)
> > CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
> > - NOTE: not-for-us (IRM)
> > + - irm (unfixed; bug filed)
>
> Well... 2 mistakes in only a few check...
>
> I hope I didn't do more before and I apologise for these. :-/
I wish we had manpower to double-check each other more often..
> I used to check if a package is part of Debian with apt-cache search
> from an up to date Debian sid, please tell me if this is not a good method
> (note that I could have avoid these two mistake if I haven't read two
> quickly apt-cache output...)
I don't know of anything better, though I'll sometimes double-check with
the projet's web page to see if it has a more Debian-like alternate name
than the one used in the CVE info or advisory.
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050223/a1b8594c/attachment.pgp
More information about the Secure-testing-team
mailing list