[Secure-testing-team] Tracker inconsistencies?
Moritz Muehlenhoff
jmm at inutil.org
Wed Jul 12 20:29:03 UTC 2006
Francesco Poli wrote:
> Hi all!
>
> According to [1], the described issue is fixed in sash:
>
> | sash (PTS) woody 3.4-8.2 fixed
> | sarge, sarge (security) 3.7-5sarge1 fixed
> | etch, sid 3.7-7 fixed
>
> On the other hand, bug #318246[2] is still open and seems to state
> that the issue is still unfixed in sarge.
> Is this an inconsistency?
The DSA was issued after the last bug activity, the maintainer should
have closed it. The Security Team doesn't close bugs for the maintainers.
> Moreover, according to [1], the issue is unfixed in mysql-dfsg-4.1:
>
> | mysql-dfsg-4.1 (PTS) sarge 4.1.11a-4sarge2 vulnerable
> | sarge (security) 4.1.11a-4sarge4 vulnerable
>
> On the other hand, bug #319858[3] claims that mysql-dfsg-4.1 is not
> affected.
> Who's right? Who's wrong?
The unfixed source is still present, but it's not compiled into the binary
package. Thus it's marked as "unimportant".
Cheers,
Moritz
More information about the Secure-testing-team
mailing list