Bug#655960: marked as done (security-tracker: DSA-2388-1 vs. tracker)
Your message dated Sun, 15 Jan 2012 15:41:18 +0100
with message-id <1326638478.4782.38.camel@scapa>
and subject line Re: Bug#655960: security-tracker: DSA-2388-1 vs. tracker
has caused the Debian Bug report #655960,
regarding security-tracker: DSA-2388-1 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
655960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655960
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: security-tracker
Severity: normal

Hi!

The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
vulnerable in wheezy and sid, while the DSA [2] claims that all the
CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...

Assuming that the DSA is right and the tracker is wrong, please
fix this inconsistency.

Thanks for your time!

[1] http://security-tracker.debian.org/tracker/CVE-2010-2642
[2] http://lists.debian.org/debian-security-announce/2012/msg00011.html
[3] http://security-tracker.debian.org/tracker/CVE-2010-2642
[4] http://security-tracker.debian.org/tracker/CVE-2011-0433
--- End Message ---

--- Begin Message ---
On dim., 2012-01-15 at 09:24 -0500, Michael Gilbert wrote:
> On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez wrote:
> > On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
> >> Package: security-tracker
> >> Severity: normal
> >>
> >> Hi!
> >>
> >> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
> >> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
> >> vulnerable in wheezy and sid, while the DSA [2] claims that all the
> >> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
> >>
> >> Assuming that the DSA is right and the tracker is wrong, please
> >> fix this inconsistency.
> >>
> >> Thanks for your time!
> >
> > You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and
> > 2010-2642, for some reason. I'm gonna prepare another NMU and an errata
> > for the DSA.
>
> You shouldn't need to send another announcement for a minor correction
> like this. Correcting it in the tracker is sufficient.
>

Ok, then I'm closing the bug since the tracker is now correct and the
package uploaded to sid.

Regards,
--
Yves-Alexis
--- End Message ---
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez wrote:
> On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
>> Package: security-tracker
>> Severity: normal
>>
>> Hi!
>>
>> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
>> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
>> vulnerable in wheezy and sid, while the DSA [2] claims that all the
>> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
>>
>> Assuming that the DSA is right and the tracker is wrong, please
>> fix this inconsistency.
>>
>> Thanks for your time!
>
> You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and
> 2010-2642, for some reason. I'm gonna prepare another NMU and an errata
> for the DSA.

You shouldn't need to send another announcement for a minor correction
like this. Correcting it in the tracker is sufficient.

Mike

--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/CANTw=MMDdrnmHyffoy3_ms6KWf4=jawywfjuyqj6+qdmcy6...@mail.gmail.com
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
On Sun, 15 Jan 2012 13:42:50 +0100 Yves-Alexis Perez wrote:

> On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
[...]
> > Assuming that the DSA is right and the tracker is wrong, please
> > fix this inconsistency.
[...]
>
> You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and
> 2010-2642, for some reason.

Ah, so it was the opposite of what I thought: the tracker was right,
while the DSA was wrong!

> I'm gonna prepare another NMU and an errata
> for the DSA.

Great!
I am happy to see things getting fixed up! ;-)

>
> Regards,

Bye, and thanks a lot for your much appreciated dedication to security!

--
http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
New GnuPG key, see the transition document!
. Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
>
> Hi!
>
> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
> vulnerable in wheezy and sid, while the DSA [2] claims that all the
> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
>
> Assuming that the DSA is right and the tracker is wrong, please
> fix this inconsistency.
>
> Thanks for your time!

You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and
2010-2642, for some reason. I'm gonna prepare another NMU and an errata
for the DSA.

Regards,
--
Yves-Alexis
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
Package: security-tracker
Severity: normal

Hi!

The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
vulnerable in wheezy and sid, while the DSA [2] claims that all the
CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...

Assuming that the DSA is right and the tracker is wrong, please
fix this inconsistency.

Thanks for your time!

[1] http://security-tracker.debian.org/tracker/CVE-2010-2642
[2] http://lists.debian.org/debian-security-announce/2012/msg00011.html
[3] http://security-tracker.debian.org/tracker/CVE-2010-2642
[4] http://security-tracker.debian.org/tracker/CVE-2011-0433