External check
CVE-2012-3446: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run. -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/501e15b2.bWz2dOJPdMZR+X3/%atomo64+st...@gmail.com
Bug#683916: security-tracker: DSA-2520-1 vs. tracker
Package: security-tracker Severity: normal Hello! DSA-2520-1 [1] and the corresponding tracker page [2] state that CVE-2012-2665 has been fixed in stable by openoffice.org/3.2.1-11+squeeze7. I believe that an epoch is missing, since the version number of the openoffice.org package currently in stable is already 1:3.2.1-11+squeeze4. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00160.html [2] http://security-tracker.debian.org/tracker/DSA-2520-1 -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120805124226.6023.69669.reportbug@homebrew
Bug#683921: security-tracker: DSA-2519-2 vs. tracker
Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. On the other hand, the tracker still seems to consider isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of DSA-2519-2 (the corresponding tracker page [2] still redirects to the one for DSA-2519-1). [2] http://security-tracker.debian.org/tracker/DSA-2519-2 Please update the tracker data. Thanks again for your time! -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120805125126.6203.92101.reportbug@homebrew
Bug#683922: security-tracker: DSA-2521-1 vs. tracker
Package: security-tracker Severity: normal Hello! DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be still unaware of it. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00162.html [2] http://security-tracker.debian.org/tracker/DSA-2521-1 -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120805125715.6424.81946.reportbug@homebrew
Bug#683916: marked as done (security-tracker: DSA-2520-1 vs. tracker)
Your message dated Sun, 05 Aug 2012 15:14:58 +0200 with message-id 1344172498.3878.65.camel@scapa and subject line Re: Bug#683916: security-tracker: DSA-2520-1 vs. tracker has caused the Debian Bug report #683916, regarding security-tracker: DSA-2520-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683916 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! DSA-2520-1 [1] and the corresponding tracker page [2] state that CVE-2012-2665 has been fixed in stable by openoffice.org/3.2.1-11+squeeze7. I believe that an epoch is missing, since the version number of the openoffice.org package currently in stable is already 1:3.2.1-11+squeeze4. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00160.html [2] http://security-tracker.debian.org/tracker/DSA-2520-1 ---End Message--- ---BeginMessage--- On dim., 2012-08-05 at 14:42 +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! DSA-2520-1 [1] and the corresponding tracker page [2] state that CVE-2012-2665 has been fixed in stable by openoffice.org/3.2.1-11+squeeze7. I believe that an epoch is missing, since the version number of the openoffice.org package currently in stable is already 1:3.2.1-11+squeeze4. Please update the tracker data. The tracker was already updated before your bug, but thanks for the consistency check. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
Bug#683921: marked as done (security-tracker: DSA-2519-2 vs. tracker)
Your message dated Sun, 05 Aug 2012 15:19:42 +0200 with message-id 1344172782.3878.66.camel@scapa and subject line Re: Bug#683921: security-tracker: DSA-2519-2 vs. tracker has caused the Debian Bug report #683921, regarding security-tracker: DSA-2519-2 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683921: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683921 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. On the other hand, the tracker still seems to consider isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of DSA-2519-2 (the corresponding tracker page [2] still redirects to the one for DSA-2519-1). [2] http://security-tracker.debian.org/tracker/DSA-2519-2 Please update the tracker data. Thanks again for your time! ---End Message--- ---BeginMessage--- On dim., 2012-08-05 at 14:51 +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-security-announce/2012/msg00161.html Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5 is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954, while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed. On the other hand, the tracker still seems to consider isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of DSA-2519-2 (the corresponding tracker page [2] still redirects to the one for DSA-2519-1). [2] http://security-tracker.debian.org/tracker/DSA-2519-2 Please update the tracker data. Tracker data is up to date, although it has not propagated to the website yet (not too sure why). Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
Bug#683922: marked as done (security-tracker: DSA-2521-1 vs. tracker)
Your message dated Sun, 05 Aug 2012 15:22:32 +0200 with message-id 1344172952.3878.68.camel@scapa and subject line Re: Bug#683922: security-tracker: DSA-2521-1 vs. tracker has caused the Debian Bug report #683922, regarding security-tracker: DSA-2521-1 vs. tracker to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683922 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: security-tracker Severity: normal Hello! DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be still unaware of it. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00162.html [2] http://security-tracker.debian.org/tracker/DSA-2521-1 ---End Message--- ---BeginMessage--- On dim., 2012-08-05 at 14:57 +0200, Francesco Poli (wintermute) wrote: Package: security-tracker Severity: normal Hello! DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be still unaware of it. Please update the tracker data. Once again, the tracker data is up to date. I know it might be painful to check, but it'd help us to actually do it before reporting. Now, it seems that there might be an issue with the website generation, but it's unrelated to the data itself. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part ---End Message---
The tracker is no longer updated
Hi everybody (again)! As you already know, I've just filed three bug reports (#683916, #683921, and #683922) that were immediately closed, since the tracker data are already correct. On the other hand, the web presentation of the tracker data seems to no longer get updates from the subversion repository, as noted by Yves-Alexis Perez. Please fix the updating mechanism for the web presentation of the security tracker! P.S.: should I file an actual bug report for this issue, or does this message to the mailing list suffice? -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpXGRCLHWkbz.pgp Description: PGP signature
Bug#683986: security-tracker: automated testing announcement emails
Package: security-tracker Hi Florian, On soler there's still the script that used to send the automatic testing announcement emails. I think it's been over a year since it broke due to changes in the security tracker's db schema. Since it is pretty obscure to me, would you please implement the feature in the tracker itself? Thanks. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201208051954.27128.geiss...@debian.org