Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)

2011-09-21 Thread Debian Bug Tracking System 
Your message dated Wed, 21 Sep 2011 17:48:40 -0400
with message-id <20110921174840.5b7c4967b7129e23ed79b...@gmail.com>
and subject line Re: Bug#642259: marked as done (security-tracker: DSA-2305-1 
vs. tracker)
has caused the Debian Bug report #642259,
regarding security-tracker: DSA-2305-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: security-tracker
Severity: normal

Hi!

DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and
CVE-2011-2189), but its tracker page [2] only refers to one of
them (CVE-2011-0762).

Please add the missing reference.
Thanks!

[1] http://lists.debian.org/debian-security-announce/2011/msg00186.html
[2] http://security-tracker.debian.org/tracker/DSA-2305-1


--- End Message ---
--- Begin Message ---
Francesco Poli wrote:
> However, I've just noticed another little inconsistency (I am therefore
> reopening the bug report): the DSA claims that the issues are fixed in
> squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page
> [1] says that we should wait for version 2.3.2-3+squeeze3 .
> If this is incorrect, please fix the tracker data.
> Thanks.

Fixed, thanks.

Mike

--- End Message ---

Processed: Re: Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)

2011-09-21 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reopen 642259 =
Bug #642259 {Done: Michael Gilbert } 
[security-tracker] security-tracker: DSA-2305-1 vs. tracker
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.s.c.13166409057871.transcr...@bugs.debian.org

Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)

2011-09-21 Thread Francesco Poli 
reopen 642259 =
thanks


On Wed, 21 Sep 2011 21:27:39 +0200 Nico Golde wrote:

> Hi,
> * Francesco Poli  [2011-09-21 19:07]:
[...]
> > Why did you add only a note, rather than an actual reference to
> > CVE-2011-2189 ?
> 
> Because technically vsftpd would need its own CVE id (which it will not get 
> though).

If I correctly understand what you mean, CVE-2011-2189 is about the
issue in the Linux kernel, rather than about the issue on vsftpd side.

If this is the case, that explains adequately.
Thanks.


However, I've just noticed another little inconsistency (I am therefore
reopening the bug report): the DSA claims that the issues are fixed in
squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page
[1] says that we should wait for version 2.3.2-3+squeeze3 .
If this is incorrect, please fix the tracker data.
Thanks.


[1] http://security-tracker.debian.org/tracker/CVE-2011-0762

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpHtEQS1iEdi.pgp
Description: PGP signature

Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)

2011-09-21 Thread Nico Golde 
Hi,
* Francesco Poli  [2011-09-21 19:07]:
> On Tue, 20 Sep 2011 18:46:07 -0400 Michael Gilbert wrote:
> > Francesco Poli (wintermute) wrote:
> > > Package: security-tracker
> > > Severity: normal
> > > 
> > > Hi!
> > > 
> > > DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and
> > > CVE-2011-2189), but its tracker page [2] only refers to one of
> > > them (CVE-2011-0762).
> > 
> > Fixed, thanks.
> 
> Why did you add only a note, rather than an actual reference to
> CVE-2011-2189 ?

Because technically vsftpd would need its own CVE id (which it will not get 
though).

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.


pgpCoS9GiwUMV.pgp
Description: PGP signature

Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)

2011-09-21 Thread Francesco Poli 
On Tue, 20 Sep 2011 18:46:07 -0400 Michael Gilbert wrote:

> Francesco Poli (wintermute) wrote:
> 
> > Package: security-tracker
> > Severity: normal
> > 
> > Hi!
> > 
> > DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and
> > CVE-2011-2189), but its tracker page [2] only refers to one of
> > them (CVE-2011-0762).
> 
> Fixed, thanks.

Why did you add only a note, rather than an actual reference to
CVE-2011-2189 ?


-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgp4ZCMzA3Tsj.pgp
Description: PGP signature