Bug#992159: security-tracker: DSA-4957-1 vs. tracker

2021-08-14 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi everyone!

In [DSA-4957-1], a number of CVEs are listed as fixed in trafficserver
for buster: CVE-2021-27577 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474
CVE-2021-32565 .

However, the last one [CVE-2021-32565] is not present in the
corresponding [DSA tracker page], probably due to a typo in
the [changelog entry].

[DSA-4957-1]: 

[CVE-2021-32565]: 
[DSA tracker page]: 
[changelog entry]: 


If this is the case, please update the tracker data.
Thanks for your time!



Bug#988823: security-tracker: DSA-4917-1 vs. tracker

2021-05-19 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everyone!

According to [DSA-4917-1], a number of CVEs are fixed in chromium
for buster: CVE-2021-30506 ÷ CVE-2021-30520.

The tracker [DSA page] agrees on that, but also refers to
[CVE-2021-3051], which is not mentioned in the DSA.

[DSA-4917-1]: 

[DSA page]: 
[CVE-2021-3051]: 

Is the DSA incomplete or does the tracker page need a correction?

Please let me know, and update the tracker data, if needed.
Thanks for your time!


Bug#959231: security-tracker: Proxy Error on CVE-2020-11565 tracker page

2020-05-01 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all!

I noticed that the tracker page for [CVE-2020-11565] fails to display
and returns the following error:

| Proxy Error
| 
| The proxy server received an invalid response from an upstream server.
| The proxy server could not handle the request
| 
| Reason: Error reading from remote server
| 
| Apache Server at security-tracker.debian.org Port 443

[CVE-2020-11565]: 

Please note that the CVE is mentioned in [DSA-4667-1].

[DSA-4667-1]: 


What's wrong with that tracker page?
Please fix anything that's missing.

Thanks for your time and dedication!



Bug#947686: security-tracker: DSA-4595-1 vs. tracker

2019-12-29 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everyone!

According to [DSA-4595-1], CVE-2019-3467 is fixed in debian-lan-config
for stretch and buster.

However, the tracker [CVE page] does not seem to be linked to the
[DSA page], thus failing to show the correct fixed versions for
debian-lan-config.

Please update the tracker data, as appropriate.

Thanks for your time!

[DSA-4595-1]: 

[CVE page]: 
[DSA page]: 



Bug#905304: security-tracker: DSA-4259-1 vs. tracker

2018-08-02 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

According to [DSA-4259-1], ruby2.3/2.3.3-1+deb9u3 fixes a number of
vulnerabilities, among which CVE-2017-17405, CVE-2017-17742,
CVE-2017-17790, and CVE-2018-6914.

However, the tracker pages for [CVE-2017-17405], [CVE-2017-17742],
[CVE-2017-17790], and [CVE-2018-6914] seem to disagree.

Is the tracker wrong?
Please update the tracker data, then.

Is the DSA wrong?
Please clarify (I searched in the tracker commit history on Salsa,
but I failed to find any explicit explanation about this
discrepancy...).

Thanks for your time!

[DSA-4259-1]: 

[CVE-2017-17405]: 
[CVE-2017-17742]: 
[CVE-2017-17790]: 
[CVE-2018-6914]:  



Bug#903816: security-tracker: CVE-2017-17689 vs. tracker

2018-07-15 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everyone!

According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes
CVE-2017-17689 in stretch (security), among other vulnerabilities.

However the tracker page for [CVE-2017-17689] seems to disagree,
while, on the other hand, referencing bug [#898631], which is claimed
to be fixed in oldstable, stable, testing, and unstable.

But please note that bug [#898631] does not mention CVE-2017-17689
at all!

Oh what a headache!
Which is wrong and which is right?

Could you please clarify and update the tracker data, if needed?

Thanks for your time!

[DSA-4244-1]: 

[CVE-2017-17689]: 
[#898631]: 



Bug#813878: security-tracker: DSA-3464-1 vs. tracker

2016-02-06 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi everyone!

DSA-3464-1 [1] states that several vulnerabilities are fixed in
rails/2:4.2.5.1-1 for sid, but the tracker claims that two of
them [2][3] are still unfixed in sid.

Is the DSA wrong or should the tracker data be updated?
Please clarify, thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2016/msg00034.html
[2] https://security-tracker.debian.org/tracker/CVE-2015-3226
[3] https://security-tracker.debian.org/tracker/CVE-2015-3227



Bug#803591: security-tracker: DSA-3381-1 vs. tracker

2015-10-31 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody!

DSA-3381-1 [1] states that several vulnerabilities are fixed in
openjdk-7/7u85-2.6.1-5 for sid, but the tracker [2] claims that many
of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 .
Is that a typo in the DSA or should the tracker data be updated?

Moreover the tracker claims [3] that one of the vulnerabilities
(CVE-2015-4871) is unfixed in sid.
Again: is the DSA wrong or should the tracker data be updated?

Please clarify, thanks for your time!


[1] https://lists.debian.org/debian-security-announce/2015/msg00280.html
[2] see links for CVE ids in
https://security-tracker.debian.org/tracker/DSA-3381-1
[3] https://security-tracker.debian.org/tracker/CVE-2015-4871



Bug#792050: security-tracker: DSA-330[67]-1 vs. tracker

2015-07-10 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi everybody!

The tracker pages [1][2] for DSA-3306-1 [3] and DSA-3307-1 [4]
do not seem to be linked with CVE-2015-1868 [5], which,
according to the tracker, seems to be fixed everywhere,
while the DSAs [3][4] seem to disagree.

Please fix the tracker data.

Thanks for your time!

[1] https://security-tracker.debian.org/tracker/DSA-3306-1
[2] https://security-tracker.debian.org/tracker/DSA-3307-1
[3] https://lists.debian.org/debian-security-announce/2015/msg00202.html
[4] https://lists.debian.org/debian-security-announce/2015/msg00203.html
[5] https://security-tracker.debian.org/tracker/CVE-2015-1868


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150710171544.3938.79032.reportbug@homebrew



Bug#789490: security-tracker: DSA-3290-1 vs. tracker

2015-06-21 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

DSA-3290-1 [1] states that CVE-2015-3636 is fixed in
linux/3.16.7-ckt11-1, but the tracker shows somewhat
self-inconsistent information about this vulnerability [2],
claiming that linux/3.16.7-ckt11-1 is fixed in jessie,
but vulnerable in stretch, despite being apparently the
same exact version.

Please clarify and/or fix the tracker data.

Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2015/msg00186.html
[2] https://security-tracker.debian.org/tracker/CVE-2015-3636


Archive: https://lists.debian.org/20150621134619.11901.89739.reportbug@homebrew



Bug#788685: security-tracker: DSA-3288-1 vs. tracker

2015-06-14 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

There seems to be no tracker page [1] for DSA-3288-1 [2], yet.
Please update the tracker data.

Thanks for your time!

[1] https://security-tracker.debian.org/tracker/DSA-3288-1
[2] https://lists.debian.org/debian-security-announce/2015/msg00183.html


Archive: https://lists.debian.org/20150614090306.4210.85902.reportbug@homebrew



Bug#777458: security-tracker: DSA-3156-1 vs. tracker

2015-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi again,
DSA-3156-1 [1] states that CVE-2013-6933 is fixed in wheezy by
vlc/2.0.3-5+deb7u2+b1 and mplayer/2:1.0~rc4.dfsg1+svn34540-1+deb7u1 .
The CVE tracker page [2] seems to be unaware of these two fixed
versions for vlc and mplayer.

I don't know whether a binNMU can be correctly tracked, but I think
that at least the fixed version for mplayer should be tracked...

Please fix the tracker data.
Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2015/msg00041.html
[2] https://security-tracker.debian.org/tracker/CVE-2013-6933


Archive: https://lists.debian.org/20150208114710.6021.77251.reportbug@homebrew



Bug#777454: security-tracker: DSA-3155-1 vs. tracker

2015-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody,
there seems to be something weird going on.

The tracker page [1] for DSA-3155-1 [2] looks OK: it states
that the vulnerabilities are fixed in wheezy by
postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself).

On the other hand, the CVE tracker pages [3][4][5][6], despite
being linked to DSA-3155-1, disagree with it, claiming that wheezy
is still vulnerable.

I thought that this was not even possible in the tracker!
Apparently I was wrong...
What did I fail to understand?

Please fix the tracker data.
Thanks for your time!

[1] https://security-tracker.debian.org/tracker/DSA-3155-1
[2] https://lists.debian.org/debian-security-announce/2015/msg00038.html
[3] https://security-tracker.debian.org/tracker/CVE-2014-8161
[4] https://security-tracker.debian.org/tracker/CVE-2015-0241
[5] https://security-tracker.debian.org/tracker/CVE-2015-0243
[6] https://security-tracker.debian.org/tracker/CVE-2015-0244


Archive: https://lists.debian.org/20150208112454.5782.59087.reportbug@homebrew



Bug#776718: security-tracker: DSA-3146-1 vs. tracker

2015-01-31 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
the tracker page [1] for DSA-3146-1 [2] seems to lack the links to
the relevant CVEs [3][4].

Please update the tracker data.
Thanks for your time.

[1] https://security-tracker.debian.org/tracker/DSA-3146-1
[2] https://lists.debian.org/debian-security-announce/2015/msg00029.html
[3] https://security-tracker.debian.org/tracker/CVE-2014-1829
[4] https://security-tracker.debian.org/tracker/CVE-2014-1830


Archive: https://lists.debian.org/20150131161135.7270.9048.reportbug@homebrew



Bug#776224: security-tracker: DSA-3139-1 vs. tracker

2015-01-25 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody,
the tracker page [1] for DSA-3139-1 [2] seems to lack the link to
CVE-2014-3609 [3].

Please fix the tracker data.
Thanks for your time!


[1] https://security-tracker.debian.org/tracker/DSA-3139-1
[2] https://lists.debian.org/debian-security-announce/2015/msg00022.html
[3] https://security-tracker.debian.org/tracker/CVE-2014-3609


Archive: https://lists.debian.org/20150125170623.11108.63841.reportbug@homebrew



Bug#773322: security-tracker: DSA-3104-1 vs. tracker

2014-12-16 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

DSA-3104-1 [1] states, in part:

|  An older security vulnerability, CVE-2004-2771, had already
|  been addressed in the Debian's bsd-mailx package.

However, the tracker [2] seems to disagree, as it claims that
all versions of bsd-mailx in Debian are currently vulnerable...
I think the problem is an extra epoch in the (unstable) fixed
version for bsd-mailx: this time the epoch is in the tracker data,
but not in the actual package versions (contrary to the usual
missing epoch issues that I frequently spot!).

Please fix the tracker data.
Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2014/msg00294.html
[2] https://security-tracker.debian.org/tracker/CVE-2004-2771


Archive: https://lists.debian.org/20141216215002.4796.83564.reportbug@homebrew



Bug#773100: security-tracker: DSA-3100-1 vs. tracker

2014-12-14 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all!

DSA-3100-1 [1] seems to lack an epoch in the stable fixed version.
The tracker reflects the DSA [2]: please fix the tracker data!

Thanks for your time.

[1] https://lists.debian.org/debian-security-announce/2014/msg00290.html
[2] https://security-tracker.debian.org/tracker/DSA-3100-1


Archive: https://lists.debian.org/20141214104214.4074.38850.reportbug@homebrew



Bug#772775: security-tracker: DSA-3095-1 vs. tracker

2014-12-10 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

It seems to me that DSA-3095-1 [1] lacks an epoch in the stable fixed
version.
The tracker reflects the DSA [2]: please fix the tracker data!

Thanks for your time.

[1] https://lists.debian.org/debian-security-announce/2014/msg00285.html
[2] https://security-tracker.debian.org/tracker/DSA-3095-1


Archive: https://lists.debian.org/20141210225940.10639.93177.reportbug@homebrew



Bug#771121: security-tracker: often returns 502 Proxy Error

2014-11-26 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: important

Hello everybody!

I have been experiencing frequent issues with the web interface of the
security tracker for some weeks and I am still experiencing them:
when visiting the tracker pages [1], I often get the following error
message in my browser:

| Proxy Error
| 
| The proxy server received an invalid response from an upstream server.
| The proxy server could not handle the request GET /tracker/DSA-3077-1.
| 
| Reason: Error reading from remote server
| 
| Apache Server at security-tracker.debian.org Port 443

After a (variable) number of attempts, the web server finally decides
that the page is to be served and everything seems to work fine, until
another error message appears when visiting some other page.

Am I the only one who experiences such issues?
I was hoping to see the problem fixed, but no joy yet...

Could someone please investigate the issue and fix it?
Thanks a lot for your time!

Bye.


[1] such as, for instance,
https://security-tracker.debian.org/tracker/DSA-3077-1


Archive: https://lists.debian.org/20141126225626.9367.40214.reportbug@homebrew



Bug#767654: security-tracker: DSA-3061-1 vs. tracker

2014-11-01 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all!
DSA-3061-1 [1] states that several vulnerabilities are fixed in sid
by icedove/31.2.0-1, but the tracker [2] seems to disagree (claiming
that sid is still unfixed).

[1] https://lists.debian.org/debian-security-announce/2014/msg00249.html
[2] https://security-tracker.debian.org/tracker/DSA-3061-1

Please update the tracker data.
Thanks for your time!

Bye.


Archive: https://lists.debian.org/20141101173203.13774.16539.reportbug@homebrew



Bug#755949: security-tracker: DSA-2986-1 vs. tracker

2014-07-24 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all!
DSA-2986-1 [1] states that a number of vulnerabilities are fixed in sid
by iceweasel/31.0-1, but the tracker [2] seems to disagree for
CVE-2014-1544 (which is claimed to still affect sid).

[1] https://lists.debian.org/debian-security-announce/2014/msg00168.html
[2] https://security-tracker.debian.org/tracker/CVE-2014-1544

Please update the tracker.
Thanks for your time!

Bye.


Archive: https://lists.debian.org/20140724200156.7464.97365.reportbug@homebrew



Bug#752110: security-tracker: DSA-2962-1 vs. tracker

2014-06-19 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody!
DSA-2962-1 [1] states that CVE-2014-1545 is fixed in sid by
nspr/2:4.10.6-1, but the tracker [2] seems to disagree (it currently
claims that sid is still vulnerable).

[1] https://lists.debian.org/debian-security-announce/2014/msg00143.html
[2] https://security-tracker.debian.org/tracker/CVE-2014-1545

Please update the tracker data.
Thanks for your time!

Bye.


Archive: https://lists.debian.org/20140619172018.4540.77449.reportbug@homebrew



Bug#749082: security-tracker: DSA-2935-1 vs. tracker

2014-05-23 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello all!
It seems to me that the tracker data [1] for DSA-2935-1 [2] misses
an epoch in the wheezy fixed version of package libgadu.

[1] https://security-tracker.debian.org/tracker/DSA-2935-1
[2] https://lists.debian.org/debian-security-announce/2014/msg00116.html

Please fix the tracker data.
Bye and thanks for your time!


Archive: https://lists.debian.org/20140523211515.8488.35387.reportbug@homebrew



Bug#743246: security-tracker: DSA-2893-1 vs. tracker

2014-03-31 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello again!
The tracker data [1] for DSA-2893-1 [2] seems to miss an epoch for both
fixed versions of package openswan.

[1] https://security-tracker.debian.org/tracker/DSA-2893-1
[2] https://lists.debian.org/debian-security-announce/2014/msg00067.html

Please fix the data: thanks for your time!
Bye.


Archive: https://lists.debian.org/20140331210049.7671.78903.reportbug@homebrew



Bug#743046: security-tracker: DSA-2891-1 vs. tracker

2014-03-30 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!
The tracker data [1] for DSA-2891-1 [2] seems to miss an epoch for the
wheezy fixed version of package mediawiki.

[1] https://security-tracker.debian.org/tracker/DSA-2891-1
[2] https://lists.debian.org/debian-security-announce/2014/msg00064.html

Please fix the data.
Thanks for your time!

Bye.


Archive: https://lists.debian.org/20140330130947.4598.58763.reportbug@homebrew



Bug#738584: security-tracker: DSA-2858-1 vs. tracker

2014-02-10 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello all,
DSA-2858-1 [1] states that several vulnerabilities have been fixed
in sid by iceweasel/24.3.0esr-1, but the tracker disagrees for
two of them [2][3] (the tracker claims that sid is still vulnerable).

[1] https://lists.debian.org/debian-security-announce/2014/msg00028.html
[2] https://security-tracker.debian.org/tracker/CVE-2014-1490
[3] https://security-tracker.debian.org/tracker/CVE-2014-1491

Please clarify and/or update the tracker data.
Thanks for your time!


Archive: http://lists.debian.org/20140210205719.6107.79674.reportbug@homebrew



Bug#738202: security-tracker: DSA-2856-1 vs. tracker

2014-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
DSA-2856-1 [1] states that CVE-2014-0050 is fixed in oldstable and
stable security updates for libcommons-fileupload-java.

[1] https://lists.debian.org/debian-security-announce/2014/msg00026.html

The tracker seems to agree on its DSA page [2], but seems to miss the
link with the CVE. As a consequence the CVE page [3] still shows
libcommons-fileupload-java as vulnerable in oldstable (security) and
stable (security)...

[2] https://security-tracker.debian.org/tracker/DSA-2856-1
[3] https://security-tracker.debian.org/tracker/CVE-2014-0050

Please update the tracker data accordingly.

Thanks for your time!
Bye.


Archive: http://lists.debian.org/20140208161009.6693.75010.reportbug@homebrew



Bug#735939: security-tracker: DSA-2846-1 vs. tracker

2014-01-18 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody,
DSA-2846-1 [1] says that two vulnerabilities have been fixed in sid
by libvirt/1.2.1-1 .

The tracker seems to agree for CVE-2014-1447, but not for
CVE-2013-6458, which is claimed to be still present in sid [2].

I think the tracker data should be updated.
Thanks for your time!


[1] https://lists.debian.org/debian-security-announce/2014/msg00015.html
[2] https://security-tracker.debian.org/tracker/CVE-2013-6458


Archive: http://lists.debian.org/20140118211752.8092.79157.reportbug@homebrew



Bug#732575: security-tracker: DSA-2822-1 vs. tracker

2013-12-18 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all!
It seems to me that the squeeze and wheezy fixed versions of
xorg-server are missing an epoch in DSA-2822-1 [1][2].

[1] https://lists.debian.org/debian-security-announce/2013/msg00236.html
[2] https://security-tracker.debian.org/tracker/DSA-2822-1

Please fix the tracker data.
Thanks a lot for your time!

Bye.


Archive: http://lists.debian.org/20131218224552.7217.19089.reportbug@homebrew



Bug#721660: security-tracker: DSA-2749-1 vs. tracker

2013-09-02 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all,
it seems to me that there's a missing epoch in the wheezy fixed version
of asterisk for DSA-2749-1 [1][2].

[1] https://lists.debian.org/debian-security-announce/2013/msg00160.html
[2] https://security-tracker.debian.org/tracker/DSA-2749-1

Please fix the tracker data.
Thanks for your time!


Archive: http://lists.debian.org/20130902203457.9624.51456.reportbug@homebrew



Bug#718170: security-tracker: DSA-2728-1 vs. tracker

2013-07-28 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody,
it seems to me that there is no tracker page [1] for DSA-2728-1 [2].

Please update the tracker.
Thanks for your time.

[1] https://security-tracker.debian.org/tracker/DSA-2728-1
[2] https://lists.debian.org/debian-security-announce/2013/msg00138.html


Archive: http://lists.debian.org/20130728101533.10496.40073.reportbug@homebrew



Bug#717103: security-tracker: DSA-2722-1 vs. tracker

2013-07-16 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi,
DSA-2722-1 [1] says that many vulnerabilities have been fixed for
sid in openjdk-7/7u25-2.3.10-1 .

The tracker seems to agree for all the vulnerabilities but CVE-2013-2454,
which is claimed to be still present in sid [2].
Is that an oversight?

Please clarify and/or update the tracker data.
Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2013/msg00132.html
[2] https://security-tracker.debian.org/tracker/CVE-2013-2454


Archive: http://lists.debian.org/20130716203846.11985.65080.reportbug@homebrew



Bug#710056: security-tracker: some release pages fail to display with Proxy Error

2013-05-27 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: important

Hello everybody.
I've just noticed that some release pages no longer work and return
a Proxy Error instead.
For instance:
https://security-tracker.debian.org/tracker/status/release/unstable?show_undetermined_urgency=1

currently displays:

| Proxy Error
| 
| The proxy server received an invalid response from an upstream server.
| The proxy server could not handle the request GET /tracker/status/release/unstable.
| 
| Reason: Error reading from remote server
| 
| Apache Server at security-tracker.debian.org Port 443

Other similar release pages (with URL parameters) suffer from the same
issue.

What's wrong?
Could you please investigate and fix this issue?

Thanks a lot for your time!


Archive: http://lists.debian.org/20130527220950.5910.60676.reportbug@homebrew



Bug#709893: security-tracker: DSA-2692-1 vs. tracker

2013-05-26 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
DSA-2692-1 [1] says that CVE-2013-2001 has been fixed for sid in
libxxf86vm/1:1.1.2-1+deb7u1 .

On the other hand, the tracker [2] seems to disagree: it currently
claims that the fixed version for unstable is 2:1.1.3-2+deb7u1 ...
Is that a typo?

Please clarify and/or update the tracker data.
Thanks for your time!


[1] https://lists.debian.org/debian-security-announce/2013/msg00100.html
[2] https://security-tracker.debian.org/tracker/CVE-2013-2001


Archive: http://lists.debian.org/20130526144643.13361.25161.reportbug@homebrew



Bug#709894: security-tracker: DSA-2694-1 vs. tracker

2013-05-26 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello again,
there seems to be no tracker page [1] for DSA-2694-1 [2].

Please update the tracker data.
Thanks again for your time!

[1] https://security-tracker.debian.org/tracker/DSA-2694-1
[2] https://lists.debian.org/debian-security-announce/2013/msg00103.html


Archive: http://lists.debian.org/20130526144850.13418.58347.reportbug@homebrew



Bug#700115: security-tracker: DSA-2618-1 vs. tracker

2013-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
it seems to me that an epoch is missing from the squeeze fixed version
of package ircd-hybrid in the tracker page [1] for DSA-2618-1 [2].

Please fix the tracker data.
Thanks for your time!

[1] https://security-tracker.debian.org/tracker/DSA-2618-1
[2] https://lists.debian.org/debian-security-announce/2013/msg00022.html

P.S.: to be precise, the epoch seems to be missing from the actual
  DSA too, but that is not going to be fixed, I guess...
  


Archive: http://lists.debian.org/20130208213702.5557.90246.reportbug@homebrew



Bug#699605: security-tracker: DSA-2614-1,DSA-2615-1 vs. tracker

2013-02-02 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all,
DSA-2614-1 [1] and DSA-2615-1 [2] state that several vulnerabilities
have been fixed in sid by libupnp/1:1.6.17-1.2 and by
libupnp4/1.8.0~svn20100507-1.2 .
However, the tracker seems to disagree [3][4][5][6][7][8][9][10]
(it still claims that unstable is unfixed).

Please update the tracker data.
Thanks for your time!

 [1] https://lists.debian.org/debian-security-announce/2013/msg00018.html
 [2] https://lists.debian.org/debian-security-announce/2013/msg00019.html
 [3] https://security-tracker.debian.org/tracker/CVE-2012-5958
 [4] https://security-tracker.debian.org/tracker/CVE-2012-5959
 [5] https://security-tracker.debian.org/tracker/CVE-2012-5960
 [6] https://security-tracker.debian.org/tracker/CVE-2012-5961
 [7] https://security-tracker.debian.org/tracker/CVE-2012-5962
 [8] https://security-tracker.debian.org/tracker/CVE-2012-5963
 [9] https://security-tracker.debian.org/tracker/CVE-2012-5964
[10] https://security-tracker.debian.org/tracker/CVE-2012-5965


Archive: http://lists.debian.org/20130202114838.4762.75273.reportbug@homebrew



Bug#694663: security-tracker: DSA-2578-1 vs. tracker

2012-11-28 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
although DSA-2578-1 [1] has been recently issued, the tracker
still seems to be unaware of it [2].

Please update the tracker data.

Thanks!


[1] https://lists.debian.org/debian-security-announce/2012/msg00221.html
[2] http://security-tracker.debian.org/tracker/DSA-2578-1


Archive: http://lists.debian.org/20121128201015.6112.79320.reportbug@homebrew



Bug#690807: security-tracker: DSA-2559-1 vs. tracker

2012-10-17 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi all,
DSA-2559-1 [1] was issued, but the tracker seems to know nothing
about it [2] yet.

Please update the tracker data.

Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2012/msg00203.html
[2] http://security-tracker.debian.org/tracker/DSA-2559-1


Archive: http://lists.debian.org/20121017195308.20540.6602.reportbug@homebrew



Bug#685843: security-tracker: DSA-2533-1 vs. tracker

2012-08-25 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
DSA-2533-1 [1] states that four vulnerabilities are fixed in sid
by pcp/3.6.5
The tracker [2][3][4][5] seems to disagree.

Please update the tracker data.
Thanks for your time!


[1] https://lists.debian.org/debian-security-announce/2012/msg00174.html
[2] http://security-tracker.debian.org/tracker/CVE-2012-3418
[3] http://security-tracker.debian.org/tracker/CVE-2012-3419
[4] http://security-tracker.debian.org/tracker/CVE-2012-3420
[5] http://security-tracker.debian.org/tracker/CVE-2012-3421


Archive: http://lists.debian.org/20120825093456.4570.17108.reportbug@homebrew



Bug#685280: security-tracker: DSA-2531-1 vs. tracker

2012-08-19 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
DSA-2531-1 has been recently issued [1], but the corresponding tracker
page [2] is basically empty.

Please update the tracker data.
Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2012/msg00172.html
[2] http://security-tracker.debian.org/tracker/DSA-2531-1


Archive: http://lists.debian.org/20120819094126.13594.73423.reportbug@lilith



Bug#683916: security-tracker: DSA-2520-1 vs. tracker

2012-08-05 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

DSA-2520-1 [1] and the corresponding tracker page [2] state that
CVE-2012-2665 has been fixed in stable by
openoffice.org/3.2.1-11+squeeze7.
I believe that an epoch is missing, since the version number
of the openoffice.org package currently in stable is already
1:3.2.1-11+squeeze4.

Please update the tracker data.

Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2012/msg00160.html
[2] http://security-tracker.debian.org/tracker/DSA-2520-1


Archive: http://lists.debian.org/20120805124226.6023.69669.reportbug@homebrew



Bug#683921: security-tracker: DSA-2519-2 vs. tracker

2012-08-05 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi!

DSA-2519-2 has been issued [1], stating that the previously
announced security patches were not really applied to
isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed
in isc-dhcp/4.1.1-P1-15+squeeze6.

[1] https://lists.debian.org/debian-security-announce/2012/msg00161.html

Hence, it is my understanding that isc-dhcp/4.1.1-P1-15+squeeze5
is still vulnerable to CVE-2011-4539, CVE-2012-3571, and CVE-2012-3954,
while isc-dhcp/4.1.1-P1-15+squeeze6 is fixed.

On the other hand, the tracker still seems to consider
isc-dhcp/4.1.1-P1-15+squeeze5 as fixed, and shows no trace of
DSA-2519-2 (the corresponding tracker page [2] still redirects
to the one for DSA-2519-1).

[2] http://security-tracker.debian.org/tracker/DSA-2519-2

Please update the tracker data.

Thanks again for your time!


Archive: http://lists.debian.org/20120805125126.6203.92101.reportbug@homebrew



Bug#683922: security-tracker: DSA-2521-1 vs. tracker

2012-08-05 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be
still unaware of it.

Please update the tracker data.

Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2012/msg00162.html
[2] http://security-tracker.debian.org/tracker/DSA-2521-1


Archive: http://lists.debian.org/20120805125715.6424.81946.reportbug@homebrew



Bug#681524: security-tracker: DSA-2511-1 vs. tracker

2012-07-13 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi!

DSA-2511-1 [1] says that CVE-2012-386[4-7] are fixed in sid by
puppet/2.7.18-1, but the tracker seems to disagree [2].

I suppose the DSA is right: if this is the case, please update
the tracker data.
Thanks for your time!


[1] https://lists.debian.org/debian-security-announce/2012/msg00149.html
[2] http://security-tracker.debian.org/tracker/CVE-2012-3864 and so forth



Archive: http://lists.debian.org/20120713212855.6556.74354.reportbug@homebrew



Bug#679563: security-tracker: DSA-2503-1 vs. tracker

2012-06-29 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello everybody!

DSA-2503-1 [1] states that CVE-2012-3366 is fixed in sid by
bcfg2/1.2.2-2, but the tracker [2] seems to disagree.

I think that the DSA is probably right, since the BTS seems to
tell the same story [3].

Please update the tracker data.
Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2012/msg00143.html
[2] http://security-tracker.debian.org/tracker/CVE-2012-3366
[3] http://bugs.debian.org/679272



Archive: http://lists.debian.org/20120629192750.4649.70065.reportbug@homebrew



Bug#669286: security-tracker: DSA-2453-1 vs. tracker

2012-04-18 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello,
DSA-2453-1 [1] states that three vulnerabilities are fixed in
wheezy and sid by gajim/0.15-1, but the tracker seems to disagree
regarding CVE-2012-2093 [2], which is still considered as unfixed
in gajim/0.15-1 ...

Please update the tracker data, as appropriate.
Thanks for your time!

[1] https://lists.debian.org/debian-security-announce/2012/msg00083.html
[2] http://security-tracker.debian.org/tracker/CVE-2012-2093



Archive: http://lists.debian.org/20120418192428.14551.17631.reportbug@homebrew



Bug#658545: security-tracker: DSA-2401-1 vs. tracker

2012-02-03 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

DSA-2401-1 [1] claims that a number of referenced vulnerabilities
are fixed in sid by tomcat6/6.0.35-1.
However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3])
out of the 10 referenced ones are shown as not fixed in sid and wheezy
on the tracker.

Is the DSA wrong or is the tracker incorrect?
In the latter case, please fix the tracker data.
Otherwise, please clarify.

Thanks for your time!

[1] http://lists.debian.org/debian-security-announce/2012/msg00025.html
[2] http://security-tracker.debian.org/tracker/CVE-2011-3190
[3] http://security-tracker.debian.org/tracker/CVE-2011-4858



Archive: http://lists.debian.org/20120203214653.7694.54376.reportbug@homebrew



Bug#657648: security-tracker: DSA-2394-1 vs. tracker

2012-01-27 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hello!

The tracker page [1] for DSA-2394-1 [2] seems to be almost empty.
Please fix the tracker data.

Thanks for your time!

[1] http://security-tracker.debian.org/tracker/DSA-2394-1
[2] http://lists.debian.org/debian-security-announce/2012/msg00018.html



Archive: http://lists.debian.org/20120127180547.3287.10418.reportbug@homebrew



Bug#655960: security-tracker: DSA-2388-1 vs. tracker

2012-01-15 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi!

The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
vulnerable in wheezy and sid, while the DSA [2] claims that all the
CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...

Assuming that the DSA is right and the tracker is wrong, please
fix this inconsistency.

Thanks for your time!

[1] http://security-tracker.debian.org/tracker/CVE-2010-2642
[2] http://lists.debian.org/debian-security-announce/2012/msg00011.html
[3] http://security-tracker.debian.org/tracker/CVE-2010-2642
[4] http://security-tracker.debian.org/tracker/CVE-2011-0433



Archive: http://lists.debian.org/20120115115354.7889.27573.reportbug@homebrew



Bug#653278: security-tracker: DSA-237[23]-1 vs. tracker

2011-12-26 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi!

There seem to be no tracker pages [1][2] for DSA-2372-1 [3] or for
DSA-2373-1 [4].

Please update the tracker data.
Thanks for your time!

[1] http://security-tracker.debian.org/tracker/DSA-2372-1
[2] http://security-tracker.debian.org/tracker/DSA-2373-1
[3] http://lists.debian.org/debian-security-announce/2011/msg00251.html
[4] http://lists.debian.org/debian-security-announce/2011/msg00252.html



Archive: http://lists.debian.org/20111226114410.5646.90451.reportbug@homebrew



Bug#646217: security-tracker: DSA-2324-1 vs. tracker

2011-10-22 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi,
DSA-2324-1 [1] states that wireshark/1.6.2-1 fixes CVE-2011-3360
in sid.
However, the tracker page for the CVE [2] seems to ignore this
fact.

Assuming the DSA is correct, please update the tracker data.
Thanks for your time.

[1] http://lists.debian.org/debian-security-announce/2011/msg00200.html
[2] http://security-tracker.debian.org/tracker/CVE-2011-3360



Archive: http://lists.debian.org/20111022105230.3697.79186.reportbug@homebrew



Bug#643901: security-tracker: DSA-2313-1 vs. tracker

2011-09-30 Thread Francesco Poli (wintermute)
Package: security-tracker
Severity: normal

Hi!

It seems that there's no tracker page [1] for DSA-2313-1 [2], yet.
Please update the tracker data.

Thanks for your time.

[1] http://security-tracker.debian.org/tracker/DSA-2313-1
[2] http://lists.debian.org/debian-security-announce/2011/msg00190.html



Archive: http://lists.debian.org/20110930165237.3774.22337.reportbug@homebrew