[Secure-testing-team] Why is "fixed in testing-security" slow to turn up in the tracker?
Stefan Fritsch
sf at sfritsch.de
Thu May 31 21:38:18 UTC 2007
Hi,
On Donnerstag, 31. Mai 2007, Francesco Poli wrote:
> The following three pages
> http://security-tracker.debian.net/tracker/CVE-2007-2444
> http://security-tracker.debian.net/tracker/CVE-2007-2446
> http://security-tracker.debian.net/tracker/CVE-2007-2447
> seem to be OK and consistent with the related DSA and DTSA.
They also say that lenny is vulnerable.
>
> However,
> http://security-tracker.debian.net/tracker/status/release/testing
> does not yet show those three vulnerabilities as "fixed in
> testing-security".
> Why does this seem to be often updated in delay w.r.t. the other
> data?
The data which vulnerability is fixed in which version is pushed to
the tracker (by the svn commit). However, the data which versions are
in which distributions gets only updated when the tracker downloads
the Packages files, which does not happen too often (once a day?).
Therefore, at the moment the tracker knows that the issues are fixed
in version 3.0.24-6+lenny3, but it doesn't know yet that this version
is in testing-security.
HTH.
Cheers,
Stefan
More information about the Secure-testing-team
mailing list