Hi Bonaccorso, Thank you for the quick reply.
Will this happen for all the DSAs with partial CVEs for a distro? Is there any other limitations to the tracker site? By the way, is there a DSA index page for the tracker site? Regards, Xiaoguang On Oct 13, 2015 5:41 PM, "Salvatore Bonaccorso" <car...@debian.org> wrote: > Hi > > On Tue, Oct 13, 2015 at 05:08:39PM +0800, Xiaoguang Bai wrote: > > Hi, > > > > For DSA-3348-1, the information in following 2 sources does not match. > The > > security tracker site does not show the fixed package/version for wheezy. > > > > https://lists.debian.org/debian-security-announce/2015/msg00247.html > > https://security-tracker.debian.org/tracker/DSA-3348-1 > > > > > > Actually, I have noticed quite a few of differences between the DSA > mailing > > list and this tracker site. Should they match each other? May I know what > > might be the reason if they are different? > > This is sort of current limitation for the security-tracker when you > have not overlapping fixing versions. The free text form explains that > only two CVEs affect wheezy. If you then check the CVEs explicitly, > say CVE-2015-5165: > > https://security-tracker.debian.org/CVE-2015-5165 > > this has the correct information (which cannot be displayed correctly > for DSA-3348-1 overview page regarding the versions). > > Regards, > Salvatore >