FWIW updating the ticket ----- Forwarded message from Salvatore Bonaccorso <car...@debian.org> -----
Date: Mon, 29 Feb 2016 21:05:02 +0100 From: Salvatore Bonaccorso <car...@debian.org> To: Geert Stappers <stapp...@stappers.nl> Cc: debian-security-tracker@lists.debian.org Subject: Re: severity-tracker and backports Hi Geert, On Mon, Feb 29, 2016 at 08:58:00PM +0100, Geert Stappers wrote: > Hi, > > https://security-tracker.debian.org/tracker/CVE-2016-1898 > mentions wheezy and stretch, but not jessie, neither jessie-backports. > > CVE-2016-1898 is about a ffmpeg vulnerbility. > > ffmpeg is not in jessie, but it is in jessie-backports. > > The CVE-2016-1898 vulnerbility is is fixed in jessie-backports. > > What needs to be done that the Debian security-tracker > reports status of packages in backports? There is some discussion about this in #664866. But we haven't progress on having that correctly since then. Regards, Salvatore ----- End forwarded message ----- Groeten Geert Stappers -- Leven en laten leven