Bug#655960: security-tracker: DSA-2388-1 vs. tracker
Package: security-tracker
Severity: normal

Hi!

The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still vulnerable in wheezy and sid, while the DSA [2] claims that all the CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...

Assuming that the DSA is right and the tracker is wrong, please fix this inconsistency.

Thanks for your time!

[1] http://security-tracker.debian.org/tracker/CVE-2010-2642
[2] http://lists.debian.org/debian-security-announce/2012/msg00011.html
[3] http://security-tracker.debian.org/tracker/CVE-2010-2642
[4] http://security-tracker.debian.org/tracker/CVE-2011-0433
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
>
> Hi!
>
> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still vulnerable in wheezy and sid, while the DSA [2] claims that all the CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
>
> Assuming that the DSA is right and the tracker is wrong, please fix this inconsistency.
>
> Thanks for your time!

You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and 2010-2642, for some reason.

I'm gonna prepare another NMU and an errata for the DSA.

Regards,
--
Yves-Alexis
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
On Sun, 15 Jan 2012 13:42:50 +0100 Yves-Alexis Perez wrote:
> On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
> [...]
> > Assuming that the DSA is right and the tracker is wrong, please fix this inconsistency.
> [...]
> You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and 2010-2642, for some reason.

Ah, so it was the opposite of what I thought: the tracker was right, while the DSA was wrong!

> I'm gonna prepare another NMU and an errata for the DSA.

Great! I am happy to see things getting fixed up! ;-)

> Regards,

Bye, and thanks a lot for your much appreciated dedication to security!

--
http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
New GnuPG key, see the transition document!
Francesco Poli
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Bug#655960: security-tracker: DSA-2388-1 vs. tracker
On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez wrote:
> On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
> > Package: security-tracker
> > Severity: normal
> >
> > Hi!
> >
> > The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still vulnerable in wheezy and sid, while the DSA [2] claims that all the CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
> >
> > Assuming that the DSA is right and the tracker is wrong, please fix this inconsistency.
> >
> > Thanks for your time!
>
> You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and 2010-2642, for some reason.
>
> I'm gonna prepare another NMU and an errata for the DSA.

You shouldn't need to send another announcement for a minor correction like this. Correcting it in the tracker is sufficient.

Mike