On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote: > Package: security-tracker > Severity: normal > > Hi! > > The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the > referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still > vulnerable in wheezy and sid, while the DSA [2] claims that all the > CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ... > > Assuming that the DSA is right and the tracker is wrong, please > fix this inconsistency. > > Thanks for your time!
You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and 2010-2642, for some reason. I'm gonna prepare another NMU and an errata for the DSA. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part