[Secure-testing-team] iceape holes: DSA vs. tracker

Francesco Poli frx at firenze.linux.it
Fri Jun 8 15:58:08 UTC 2007


Hi!

It seems to me that the security bug tracker[1] is inconsistent with DSA
1300-1...

The DSA[2] states that six iceape vulnerabilities are:

 * unfixed in sarge
 * fixed by version 1.0.9-0etch1 in etch
 * still unfixed in sid

The tracker seems to disagree, though. Out of six vulnerabilities,
one[3] is claimed to be "not known to" affect Debian (with a note that
says "check"), another[4] is claimed to be NOT-FOR-US ("No practical
security implications"), and the remaining four[5][6][7][8] are claimed
to affect sarge, etch, etch (security), lenny, and sid.

The tracker seems to correctly know which versions are in which Debian
branch, hence I don't think that the problem lies in delayed fetch of
Packages.gz...

What's wrong?

[1] http://security-tracker.debian.net/tracker/
[2] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00060.html
[3] http://security-tracker.debian.net/tracker/CVE-2007-1362
[4] http://security-tracker.debian.net/tracker/CVE-2007-1558
[5] http://security-tracker.debian.net/tracker/CVE-2007-2867
[6] http://security-tracker.debian.net/tracker/CVE-2007-2868
[7] http://security-tracker.debian.net/tracker/CVE-2007-2870
[8] http://security-tracker.debian.net/tracker/CVE-2007-2871


P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.

-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4