[Secure-testing-team] gimp hole: DSA vs. tracker
Francesco Poli
frx at firenze.linux.it
Sun Jun 10 10:41:08 UTC 2007
Hi again!
Is the tracker[1] consistent with DSA 1301-1?
The DSA[2] states that CVE-2007-2356 is:
* fixed by version 2.2.6-1sarge2 in sarge
* fixed by version 2.2.13-1etch1 in etch
* fixed by version 2.2.14-2 in sid
The tracker seems to disagree, though. The vulnerability[3] is claimed
to be present in versions 2.2.6-1sarge2 and 2.2.13-1etch1.
The tracker seems to correctly know which versions are in which Debian
branch, hence I don't think that the problem lies in delayed fetch of
Packages.gz...
What's wrong?
[1] http://security-tracker.debian.net/tracker/
[2] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00061.html
[3] http://security-tracker.debian.net/tracker/CVE-2007-2356
P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070610/b26f8c69/attachment.pgp
More information about the Secure-testing-team
mailing list