External check

2018-07-15 Thread Security Tracker 
CVE-2018-8356: TODO: check, could affect mono packages
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.

Bug#903816: security-tracker: CVE-2017-17689 vs. tracker

2018-07-15 Thread Francesco Poli 
On Sun, 15 Jul 2018 13:38:52 +0200 Salvatore Bonaccorso wrote:

[...]
> In short, the tracker is ocrrect. The initial DSA mail did contain the
> mention of the CVE-2017-17689, but it was wrongly listed. This is why
> it was reverted in
> 
> https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b041892b1d953fabb4ef8636c02b427a2771663
> 
> and the website is as well correct (the mail obvioulsy cannot be fixed
> retrospecitively).

Ah OK, thanks for clarifying.


But then, maybe, the tracker page for [CVE-2017-17689] should stop
referencing bug [#898631]...

[CVE-2017-17689]: 
[#898631]: 



-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpU5CoW0qDHL.pgp
Description: PGP signature

Bug#903816: marked as done (security-tracker: CVE-2017-17689 vs. tracker)

2018-07-15 Thread Debian Bug Tracking System 
Your message dated Sun, 15 Jul 2018 13:38:52 +0200
with message-id <20180715113852.GA7817@eldamar.local>
and subject line Re: Bug#903816: security-tracker: CVE-2017-17689 vs. tracker
has caused the Debian Bug report #903816,
regarding security-tracker: CVE-2017-17689 vs. tracker
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
903816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: security-tracker
Severity: normal

Hello everyone!

According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes
CVE-2017-17689 in stretch (security), among other vulnerabilities.

However the tracker page for [CVE-2017-17689] seems to disagree,
while, on the other hand, referencing bug [#898631], which is claimed
to be fixed in oldstable, stable, testing, and unstable.

But please note that bug [#898631] does not mention CVE-2017-17689
at all!

Oh what a headache!
Which is wrong and which is right?

Could you please clarify and update the tracker data, if needed?

Thanks for your time!

[DSA-4244-1]: 

[CVE-2017-17689]: 
[#898631]: 
--- End Message ---
--- Begin Message ---
On Sun, Jul 15, 2018 at 10:45:38AM +0200, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> 
> Hello everyone!
> 
> According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes
> CVE-2017-17689 in stretch (security), among other vulnerabilities.
> 
> However the tracker page for [CVE-2017-17689] seems to disagree,
> while, on the other hand, referencing bug [#898631], which is claimed
> to be fixed in oldstable, stable, testing, and unstable.
> 
> But please note that bug [#898631] does not mention CVE-2017-17689
> at all!
> 
> Oh what a headache!
> Which is wrong and which is right?
> 
> Could you please clarify and update the tracker data, if needed?
> 
> Thanks for your time!
> 
> [DSA-4244-1]: 
> 
> [CVE-2017-17689]: 
> [#898631]: 

In short, the tracker is ocrrect. The initial DSA mail did contain the
mention of the CVE-2017-17689, but it was wrongly listed. This is why
it was reverted in

https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b041892b1d953fabb4ef8636c02b427a2771663

and the website is as well correct (the mail obvioulsy cannot be fixed
retrospecitively).

Regards,
Salvatore--- End Message ---

Bug#903816: security-tracker: CVE-2017-17689 vs. tracker

2018-07-15 Thread Francesco Poli (wintermute) 
Package: security-tracker
Severity: normal

Hello everyone!

According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes
CVE-2017-17689 in stretch (security), among other vulnerabilities.

However the tracker page for [CVE-2017-17689] seems to disagree,
while, on the other hand, referencing bug [#898631], which is claimed
to be fixed in oldstable, stable, testing, and unstable.

But please note that bug [#898631] does not mention CVE-2017-17689
at all!

Oh what a headache!
Which is wrong and which is right?

Could you please clarify and update the tracker data, if needed?

Thanks for your time!

[DSA-4244-1]: 

[CVE-2017-17689]: 
[#898631]: