On Wed, October 22, 2008 23:59, Michael Gilbert wrote: > The tracker page [1] for CVE-2008-3699 says "Debian/stable not known > to be vulnerable", yet in the next section it says that "etch 1.4.4-4 > vulnerable". These two statements contradict one another, and lead one > clueless as to whether the issue has been fixed or not in stable. The > tracker should be updated with correct information.
In this case the issue is marked as a "non-issue", the rationale is at the bottom of the page. That makes the top part say that we're not affected. The vulnerability indications below are not that meaningful for non-issues. We could see if we can improve the presentation of items marked as a non-issue. cheers, Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]