Bug#479727: marked as done (security-tracker: Show unimportant issues in some way on package overview)
Your message dated Thu, 18 Sep 2014 07:53:49 +0200 with message-id <20140918055349.ga7...@lorien.valinor.li> and subject line Re: Bug#479727: security-tracker: Show unimportant issues in some way on package overview has caused the Debian Bug report #479727, regarding security-tracker: Show unimportant issues in some way on package overview to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 479727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479727 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: security-tracker Severity: wishlist Hi, Currently, issues marked as unimportant disappear entirely off the radar, which is not a big problem. I think for clarity however it would be better if they were displayed somewhere so users can see we know that such a CVE applies to the package, but we just disregard it. Maybe one of the following options: - Add them between the other CVEs under Open or Resolved, but mark them specifically (e.g.: , or gray, ...) - Add a thrid section after Open and Resolved, being Non-issues. cheers, Thijs -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) --- End Message --- --- Begin Message --- Hi Thijs, I just sumbled ofer #479727 in the BTS. I think this is already resolved since a while, the per package page shows the open unimportant. Closing the bug with this message. Regards, Salvatore--- End Message ---
Bug#762069: security-tracker does not update NVD information anymore
Package: security-tracker Severity: normal Tags: confirmed Hi, I'm looking into this problem, but would like to have documented the problem in the BTS. Currently since we switched to fetch information trough https updates of NVD information for the security-tracker does not work anymore. Makefile contains a update-nvd target, which fetches the nvde-$year information via https: wget -q -Odata/nvd/$$name https://nvd.nist.gov/download/$$name ERROR: The certificate of `nvd.nist.gov' is not trusted. ERROR: The certificate of `nvd.nist.gov' hasn't got a known issuer. Solution: We need (as for example also needed for qa's vcs-watch) our own CA store for the security-tracker which is used on soler. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140918054352.4504.25617.report...@lorien.valinor.li
Bug#610220: marked as done (url parsing of notes only works with one url per note)
Your message dated Wed, 17 Sep 2014 16:29:17 +0200 with message-id <201409171629.23598.hol...@layer-acht.org> and subject line Re: Bug#610220: turn URLs in notes into hyperlinks has caused the Debian Bug report #610220, regarding url parsing of notes only works with one url per note to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 610220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: security-tracker Severity: wishlist "NOTE: see http://www.example.com/info.html"; should render as "NOTE: see http://www.example.com/info.html" or something similar. --- End Message --- --- Begin Message --- Hi, On Dienstag, 16. September 2014, Holger Levsen wrote: > control: tags -1 - pending > # rather help is welcome to fix improve the regex as described in the bug > log # (see previous mail to the bug) I'm declaring this limitation a well designed feature now: "NOTES may include one http:// or https:// URL which will be turned into a so called "hyper-link". If you need more than one such link, it is advised to use several notes." r28866 did this split for the existing 12 cases in the database. And so I'm closing this issue now. \o/ cheers, Holger .oO( now we need a VCS hook to enforce this...) signature.asc Description: This is a digitally signed message part. --- End Message ---
Bug#664866: patch for: Include squeeze- and wheezy-backports in issue and package views. (Closes: #664866)
Hi, On Dienstag, 16. September 2014, Holger Levsen wrote: > we really need to refactor the codebase eventually ;-) > > I've thought about treating backports as subrelease, but I've came to the > conclusion that would be wrong. > > See attached. may I push this one into svn? cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#761963: security-tracker: consolidate vulnerable/fixed per release in overviews
Package: security-tracker Severity: wishlist Hi, In the overview per-package, the tracker currently shows for each CVE name about seven columns: squeeze, squeeze-security, squeeze-lts, wheezy, wheezy-security, jessie, sid. I think for the overviews it would be preferable if the table just shows the status for each release ('squeeze', 'wheezy' (or maybe even 'oldstable','stable')) etc overall, that is, 'wheezy' will show fixed if an issue is fixed in wheezy-security. I believe that this represents best how people think about an issue being fixed. For an individual CVE page, I think the same would go for the overview on the top (this currently shows only "Debian/stable" for all wheezy suites but confusingly shows "vulnerable" if it's fixed in wheezy-security). The detailed info about the exact suites can remain to be found in the table under "Vulnerable and fixed packages" on the CVE page. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140917091039.14193.83060.report...@thki-sid.pt-48.utr.surfcloud.nl
Bug#761945: security-tracker: link to DLA details from Source field
Package: security-tracker Severity: wishlist DLAs include a "Source" field that simply says "Debian LTS Team". It would be nice if, like DSAs, the "Source" field linked to a source of further information, like the mailing list archive or the Debian website or to the security tracker SVN/git repository. https://security-tracker.debian.org/tracker/DLA-55-1 https://security-tracker.debian.org/tracker/DSA-3020-1 -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part