Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
Your message dated Wed, 21 Sep 2011 17:48:40 -0400 with message-id <20110921174840.5b7c4967b7129e23ed79b...@gmail.com> and subject line Re: Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker) has caused the Debian Bug report #642259, regarding security-tracker: DSA-2305-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: security-tracker Severity: normal Hi! DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and CVE-2011-2189), but its tracker page [2] only refers to one of them (CVE-2011-0762). Please add the missing reference. Thanks! [1] http://lists.debian.org/debian-security-announce/2011/msg00186.html [2] http://security-tracker.debian.org/tracker/DSA-2305-1 --- End Message --- --- Begin Message --- Francesco Poli wrote: > However, I've just noticed another little inconsistency (I am therefore > reopening the bug report): the DSA claims that the issues are fixed in > squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page > [1] says that we should wait for version 2.3.2-3+squeeze3 . > If this is incorrect, please fix the tracker data. > Thanks. Fixed, thanks. Mike --- End Message ---
Processed: Re: Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
Processing commands for cont...@bugs.debian.org: > reopen 642259 = Bug #642259 {Done: Michael Gilbert } [security-tracker] security-tracker: DSA-2305-1 vs. tracker > thanks Stopping processing here. Please contact me if you need assistance. -- 642259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642259 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.13166409057871.transcr...@bugs.debian.org
Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
reopen 642259 = thanks On Wed, 21 Sep 2011 21:27:39 +0200 Nico Golde wrote: > Hi, > * Francesco Poli [2011-09-21 19:07]: [...] > > Why did you add only a note, rather than an actual reference to > > CVE-2011-2189 ? > > Because technically vsftpd would need its own CVE id (which it will not get > though). If I correctly understand what you mean, CVE-2011-2189 is about the issue in the Linux kernel, rather than about the issue on vsftpd side. If this is the case, that explains adequately. Thanks. However, I've just noticed another little inconsistency (I am therefore reopening the bug report): the DSA claims that the issues are fixed in squeeze by version 2.3.2-3+squeeze2, but the CVE-2011-0762 tracker page [1] says that we should wait for version 2.3.2-3+squeeze3 . If this is incorrect, please fix the tracker data. Thanks. [1] http://security-tracker.debian.org/tracker/CVE-2011-0762 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpHtEQS1iEdi.pgp Description: PGP signature
Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
Hi, * Francesco Poli [2011-09-21 19:07]: > On Tue, 20 Sep 2011 18:46:07 -0400 Michael Gilbert wrote: > > Francesco Poli (wintermute) wrote: > > > Package: security-tracker > > > Severity: normal > > > > > > Hi! > > > > > > DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and > > > CVE-2011-2189), but its tracker page [2] only refers to one of > > > them (CVE-2011-0762). > > > > Fixed, thanks. > > Why did you add only a note, rather than an actual reference to > CVE-2011-2189 ? Because technically vsftpd would need its own CVE id (which it will not get though). Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpCoS9GiwUMV.pgp Description: PGP signature
Bug#642259: marked as done (security-tracker: DSA-2305-1 vs. tracker)
On Tue, 20 Sep 2011 18:46:07 -0400 Michael Gilbert wrote: > Francesco Poli (wintermute) wrote: > > > Package: security-tracker > > Severity: normal > > > > Hi! > > > > DSA-2305-1 [1] talks about two vulnerabilities (CVE-2011-0762 and > > CVE-2011-2189), but its tracker page [2] only refers to one of > > them (CVE-2011-0762). > > Fixed, thanks. Why did you add only a note, rather than an actual reference to CVE-2011-2189 ? -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgp4ZCMzA3Tsj.pgp Description: PGP signature