On Fri, Oct 24, 2008 at 12:13:10AM -0400, Michael Gilbert wrote:
> >> The tracker page [1] for CVE-2008-3699 says "Debian/stable not known
> >> to be vulnerable", yet in the next section it says that "etch 1.4.4-4
> >> vulnerable". These two statements contradict one another, and lead one
> >> clueless as to whether the issue has been fixed or not in stable. The
> >> tracker should be updated with correct information.
> >
> > In this case the issue is marked as a "non-issue", the rationale is at the
> > bottom of the page. That makes the top part say that we're not affected.
> > The vulnerability indications below are not that meaningful for
> > non-issues.
> >
> > We could see if we can improve the presentation of items marked as a
> > non-issue.
>
> The CVE-2008-3230 page seems to have the same problem. What would
> need to be done to fix this? I may have some time to look at the code
> and make it work better -- if someone can tell me where to start. Is
> the code that generates these pages contained in the secure-testing
> package?
Thanks for the offer. I believe the addition of a new state similar to
<unfixed> (e.g. <non-issue>) might be the best solution.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
