Package: security-tracker
Severity: important

Oftentimes, a fix gets released for other distributions, and then it
takes weeks or months for Debian to apply the same fix.  I wonder if
this is primarily a communication issue and whether including this
type of information in the tracker would help reduce this lag.  The
intent would be to increase the security team's/package maintainers'
awareness of existing patches.

Some current examples (not a comprehensive list, I only spent 5
minutes on this):

CVE-2008-4552: fixed in Ubuntu [1]
CVE-2008-2379: fixed in Fedora [2]

I'm considering the severity important since leaving users' systems
vulnerable while a fix exists is a very bad thing.

If I get the time, I may look at trying to add this myself, but no
guarantees.  So if anyone else is interested in the problem, go for
it.

Mike

[1] http://www.ubuntu.com/usn/USN-687-1
[2] https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00232.html


