Bug#650929: security-tracker: DSA-2357-1 vs. tracker

2011-12-05 Thread Yves-Alexis Perez
On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote:
> On Sun, 04 Dec 2011 12:19:46 +0100 Francesco Poli (wintermute) wrote:
>
> [...]
> > Hi!
> > It seems to me that the tracker page [1] for DSA-2357-1 [2] is
> > fairly incomplete.
> [...]
> > [1] http://security-tracker.debian.org/tracker/DSA-2357-1
> > [2] http://lists.debian.org/debian-security-announce/2011/msg00235.html
>
> The situation has improved significantly since I reported the
> inconsistency.
> Thanks a lot to whoever (silently) updated the tracker, if anyone
> actually did it.

Actually I didn't see your mail, but fixed the issue meanwhile.
>
> Just to nitpick a little, there's a final detail to fix: the DSA says
> that three vulnerabilities (out of four) are already fixed for stable in
> evince/2.30.3-2, while only the fourth vulnerability (CVE-2010-2642) is
> unfixed in evince/2.30.3-2 and fixed in evince/2.30.3-2+squeeze1 .
> There seems to be no trace of this distinction on the tracker.

Yeah, and I don't know why, since in the source file the 3 CVEs are
marked as fixed by 2.30.3-2.
>
> Please fix this last detail, if possible.
> Again, thanks for your time.
>
I've requested some help for other team member, will keep you posted.

Regards,
-- 
Yves-Alexis




Bug#650929: security-tracker: DSA-2357-1 vs. tracker

2011-12-05 Thread Francesco Poli
On Mon, 05 Dec 2011 13:16:41 +0100 Yves-Alexis Perez wrote:

> On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote:
[...]
> > The situation has improved significantly since I reported the
> > inconsistency.
> > Thanks a lot to whoever (silently) updated the tracker, if anyone
> > actually did it.
>
> Actually I didn't see your mail, but fixed the issue meanwhile.

Great!
I love it when bugs get fixed even before a bug report manages to reach
the involved people!   ;-)

> >
> > Just to nitpick a little, there's a final detail to fix: the DSA says
> > that three vulnerabilities (out of four) are already fixed for stable in
> > evince/2.30.3-2, while only the fourth vulnerability (CVE-2010-2642) is
> > unfixed in evince/2.30.3-2 and fixed in evince/2.30.3-2+squeeze1 .
> > There seems to be no trace of this distinction on the tracker.
>
> Yeah, and I don't know why, since in the source file the 3 CVEs are
> marked as fixed by 2.30.3-2.

I am not sure: maybe because it's marked as fixed in (unstable) ?
An additional entry for the stable fixed version is perhaps needed...

> >
> > Please fix this last detail, if possible.
> > Again, thanks for your time.
> >
> I've requested some help for other team member, will keep you posted.

Good, I hope it's not too tricky to get this thing right!

Bye.

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE




Bug#650929: marked as done (security-tracker: DSA-2357-1 vs. tracker)

2011-12-05 Thread Debian Bug Tracking System
Your message dated Mon, 5 Dec 2011 21:52:21 +0100
with message-id 20111205215221.3bd2300c8cf9aea4eb923...@paranoici.org
and subject line Re: Bug#650929: security-tracker: DSA-2357-1 vs. tracker
has caused the Debian Bug report #650929,
regarding security-tracker: DSA-2357-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
650929: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650929
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: security-tracker
Severity: normal

Hi!
It seems to me that the tracker page [1] for DSA-2357-1 [2] is
fairly incomplete.

Please update the tracker data, so that they become consistent
with the information provided by the DSA.

Thanks for your time.

[1] http://security-tracker.debian.org/tracker/DSA-2357-1
[2] http://lists.debian.org/debian-security-announce/2011/msg00235.html


---End Message---
---BeginMessage---
On Mon, 5 Dec 2011 18:47:00 +0100 Francesco Poli wrote:

> On Mon, 05 Dec 2011 13:16:41 +0100 Yves-Alexis Perez wrote:
>
> > On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote:
[...]
> > > Please fix this last detail, if possible.
> > > Again, thanks for your time.
> > >
> > I've requested some help for other team member, will keep you posted.
>
> Good, I hope it's not too tricky to get this thing right!

Now it seems that the CVEs look right.
The DSA tracker page [1] looks a bit weird, without the stable fixed
version info, but I suspect that this is intentional...

[1] http://security-tracker.debian.org/tracker/DSA-2357-1

I am therefore closing this bug report, as the inconsistency seems to
be fixed.

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


---End Message---