[Secure-testing-team] DSA 1327-1 vs. the tracker
Francesco Poli
frx at firenze.linux.it
Mon Jul 2 20:45:40 UTC 2007
Hi all!
DSA 1327-1[1] states that CVE-2007-2838 is fixed in etch with version
0.1.4-2etch1 of gsambad, while could be still unfixed in sid.
However, the tracker page for this DSA[2] seems to be a bit strange:
| Debian/oldstable not known to be vulnerable
| Debian/stable not known to be vulnerable
| Debian/testing not known to be vulnerable
| Debian/unstable not known to be vulnerable
but at the bottom the correct version info seems to be shown:
| Package Type Release Fixed Version Urgency Origin Debian Bugs
| gsamba unknown etch 0.1.4-2etch1 unknown
Similarly awkward data are shown in the tracker page for the
vulnerability[3]:
| Source Package Release Version Status
| gsambad (PTS) etch 0.1.4-2 vulnerable
| etch (security) 0.1.4-2etch1 vulnerable
| lenny 0.1.5-5 vulnerable
| sid 0.1.6-1 vulnerable
but:
| Package Type Release Fixed Version Urgency Origin Debian Bugs
| gsamba unknown etch 0.1.4-2etch1 unknown DSA-1327-1
| gsambad source (unstable) 0.1.6-2 unknown 431331
What's wrong?
Is this an inconsistency?
[1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00088.html
[2] http://security-tracker.debian.net/tracker/DSA-1327-1
[3] http://security-tracker.debian.net/tracker/CVE-2007-2838
P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070702/cfda2721/attachment.pgp
More information about the Secure-testing-team
mailing list