[Secure-testing-team] [Secure-testing-commits] r12553 - data/CVE
Michael S. Gilbert
michael.s.gilbert at gmail.com
Mon Aug 10 19:51:50 UTC 2009
On Mon, 10 Aug 2009 21:35:17 +0200, Nico Golde wrote:
> Hi,
> * Michael S. Gilbert <michael.s.gilbert at gmail.com> [2009-08-10 21:14]:
> > On Mon, 10 Aug 2009 18:58:17 +0000, Nico Golde wrote:
> [...]
> > > CVE-2009-2414 [libxml2 stack recursion]
> > > RESERVED
> > > - libxml2 <unfixed> (medium; bug #540865)
> > > - [etch] - libxml <unfixed>
> > > + [lenny] - libxml <removed>
> >
> > i still don't think this is what you're trying to get at. you want to
> > mark it is removed from unstable, which will automatically also mark
> > it removed from lenny.
>
> No, why should it remove it as removed from lenny as well in
> this case?
the tracker is smart. if you mark a package as <removed> in unstable,
and it is indeed removed in lenny also, than it will automatically
track as removed.
> So my current intention is to mark lenny as not containing
> libxml and since thsi will be tracked upwards unless marked
> as unfixed in unstable this should mark unstable as not
> containing libxml as well but etch as unfixed.
i commited a change that does what i think you intended to do, please
check the CVE pages on the tracker for those issues to see if its what
you expect.
mike
More information about the Secure-testing-team
mailing list