On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez wrote: > On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote: >> Package: security-tracker >> Severity: normal >> >> Hi! >> >> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the >> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still >> vulnerable in wheezy and sid, while the DSA [2] claims that all the >> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ... >> >> Assuming that the DSA is right and the tracker is wrong, please >> fix this inconsistency. >> >> Thanks for your time! > > You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and > 2010-2642, for some reason. I'm gonna prepare another NMU and an errata > for the DSA.
You shouldn't need to send another announcement for a minor correction like this. Correcting it in the tracker is sufficient. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
