[Secure-testing-team] confused/apparent discrepancy
Alec Berryman
alec at thened.net
Wed Oct 4 13:09:29 UTC 2006
Jon Daley on 2006-10-04 05:54:41 -0400:
> It looks to me that the top summary fields that say "not vulnerable" are
> out of sync or something.
>
> Name CVE-2006-4925
> Source CVE (in NVD)
> Description packet.c in ssh in OpenSSH allows remote attackers to
> cause a denial ...
> Debian/stable not known to be vulnerable
> Debian/testing not known to be vulnerable
> Debian/unstable not known to be vulnerable
>
>
> And then the rest of the page says "vulnerable" everywhere, without any
> fixes reported.
>
> I see the "That's a non-issue" comment, so perhaps that means it won't
> be/doesn't need to be fixed?
Valid question. Down at the bottom of the page, you'll see its
urgency is 'unimportant'; 'unimportant' issues are acknowledged and
tracked but not displayed along with other ones because they are,
well, unimportant. There isn't an error in the website code; a
package isn't considered vulnerable if it suffers from 'unimportant'
issues.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061004/c78357f5/attachment.pgp
More information about the Secure-testing-team
mailing list