[Secure-testing-team] Is the security bug tracker up-to-date?

Francesco Poli frx at firenze.linux.it
Mon Mar 12 19:57:27 UTC 2007


Hi!

I noticed something weird on the security bug tracker[1].
Some vulnerabilities are still listed for testing as fixed in unstable,
while the package version that fixes the problem has already migrated
from unstable to testing.

For instance, the report[2] for CVE-2007-0981 states:

|
| iceweasel (PTS)    etch  2.0.0.1+dfsg-2  vulnerable
|                    sid   2.0.0.2+dfsg-3  fixed
|

On the other hand, the testing migration checker[3] says:

|
| * iceweasel has the same version in unstable and testing
| (2.0.0.2+dfsg-3) 
|

and the PTS[4] confirms that iceweasel 2.0.0.2+dfsg-3 migrated to
testing on 2007-03-10.

What's wrong?

[1] http://security-tracker.debian.net/tracker/
[2] http://security-tracker.debian.net/tracker/CVE-2007-0981
[3] http://bjorn.haxx.se/debian/testing.pl?package=iceweasel
[4] http://packages.qa.debian.org/i/iceweasel.html


P.S.: Please Cc: me on replies, as I am not a list subscriber.  Thanks.


-- 
 http://frx.netsons.org/progs/scripts/refresh-pubring.html
 Need to refresh your keyring in a piecewise fashion?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070312/92492928/attachment.pgp


More information about the Secure-testing-team mailing list