[Secure-testing-team] Updates for testing-security track page

Francesco Poli frx at firenze.linux.it
Tue Jun 20 22:24:27 UTC 2006


On Mon, 19 Jun 2006 22:36:11 +0200 Francesco Poli wrote:

> On Sun, 18 Jun 2006 10:20:38 +0200 Florian Weimer wrote:
> 
> > * Francesco Poli:
> > 
> > > Here's the first discrepancy I found:
> > >
> > > * blender 2.40-1 needed, have 2.37a-1.1 for CVE-2005-4470
> > 
> > There was a typo in the DTSA file.  The output should be fixed soon.
> 
> Now it reads:
> 
> * blender 2.37a-1.1etch1 needed, have 2.37a-1.1 for DTSA-29-1
> 
> Mmmh, it should qualify as "fixed in secure-testing archive" in the
> bottom summary, but it doesn't.
> I'm afraid that this is not the Right Way(TM) to mark it as
> fixed with DTSA-something...  :-(

Another possible misuse of this same kind of tag:

* egroupware 1.2-1.dfsg-1 needed, have 1.0.0.009.dfsg-3-4 for
CVE-2006-2016

Unfortunately, the testing migration tracker[1] says that "egroupware
has the latest version in testing (1.0.0.009.dfsg-3-4)"
If you look at packages.qa.d.o[2], you see that all 1.2-* versions were
uploaded to experimental, rather than to unstable.
This explains why no migration to testing is currently on the way.
OK.
But then, considering this hole as "fixed in unstable but not testing"
does not seem to be correct!
This hole should be marked as unfixed, or, at best, as "fixed in
experimental" (but I don't see this category in the bottom summary of
the testing security holes page[3]...)

[1] http://bjorn.haxx.se/debian/testing.pl?package=egroupware
[2] http://packages.qa.debian.org/e/egroupware.html
[3] http://spohr.debian.org/~joeyh/testing-security.html


-- 
    :-(   This Universe is buggy! Where's the Creator's BTS?   ;-)
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060621/499096c7/attachment.pgp


More information about the Secure-testing-team mailing list