[Secure-testing-team] confused/apparent discrepancy
Jon Daley
secure-testing at jon.limedaley.com
Wed Oct 4 09:54:41 UTC 2006
Does this look correct to you?
http://idssi.enyo.de/tracker/CVE-2006-4925
It looks to me that the top summary fields that say "not vulnerable" are
out of sync or something.
Name CVE-2006-4925
Source CVE (in NVD)
Description packet.c in ssh in OpenSSH allows remote attackers to
cause a denial ...
Debian/stable not known to be vulnerable
Debian/testing not known to be vulnerable
Debian/unstable not known to be vulnerable
And then the rest of the page says "vulnerable" everywhere, without any
fixes reported.
I see the "That's a non-issue" comment, so perhaps that means it won't
be/doesn't need to be fixed?
Am I reading it incorrectly?
--
Jon Daley
http://jon.limedaley.com/
It is easier to get forgiveness than permission.
-- Stewart's Law of Retroaction
More information about the Secure-testing-team
mailing list