Re: DSA-2268-1 vs. tracker
On Sun, 3 Jul 2011 22:14:26 +0200 Moritz Mühlenhoff wrote: > On Sat, Jul 02, 2011 at 04:48:26PM +0200, Francesco Poli wrote: > > Another issue, though a minor one, is that the DSA [1] lists > > CVE-2011-2365 as one of the addressed vulnerabilities, but fails to > > include a description for that CVE id. > > The tracker page [4] refers to that CVE id as well, and indeed it seems > > that this CVE id is about iceweasel. > > If this CVE id is really fixed by DSA-2268-1, then I think that the > > tracker is consistent with the DSA. > > Otherwise, please fix the tracker data. > > It was fixed in the DSA. Perfect! Everything in the tracker looks OK now. Thanks for your kind reply. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpN4eG6yuWNV.pgp Description: PGP signature
Re: DSA-2268-1 vs. tracker
On Sat, Jul 02, 2011 at 04:48:26PM +0200, Francesco Poli wrote: > Another issue, though a minor one, is that the DSA [1] lists > CVE-2011-2365 as one of the addressed vulnerabilities, but fails to > include a description for that CVE id. > The tracker page [4] refers to that CVE id as well, and indeed it seems > that this CVE id is about iceweasel. > If this CVE id is really fixed by DSA-2268-1, then I think that the > tracker is consistent with the DSA. > Otherwise, please fix the tracker data. It was fixed in the DSA. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110703201426.GB3411@pisco.westfalen.local
Re: DSA-2268-1 vs. tracker
On Sat, 2 Jul 2011 16:48:26 +0200 Francesco Poli wrote: [...] > It says that several CVE ids are fixed in iceweasel/3.5.16-9 for stable. > However I cannot find any trace of that version [...] Hi again, I've just written to about this first issue, since I remembered that this kind of problems should be reported there. I hope they explain or fix the issue soon. > Another issue, though a minor one, is that the DSA [...] lists > CVE-2011-2365 as one of the addressed vulnerabilities, but fails to > include a description for that CVE id. > The tracker page [...] refers to that CVE id as well, and indeed it seems > that this CVE id is about iceweasel. > If this CVE id is really fixed by DSA-2268-1, then I think that the > tracker is consistent with the DSA. > Otherwise, please fix the tracker data. This second issue, if confirmed, is instead tracker-specific: please clarify or fix it. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgphycJEUNT9L.pgp Description: PGP signature
DSA-2268-1 vs. tracker
Hello everybody, there's something I cannot quite understand about DSA-2268-1 [1]. It says that several CVE ids are fixed in iceweasel/3.5.16-9 for stable. However I cannot find any trace of that version on the PTS [2], or on security.d.o [3]. What's wrong? Where did the upload go? Is the upload for stable-security still in preparation? Another issue, though a minor one, is that the DSA [1] lists CVE-2011-2365 as one of the addressed vulnerabilities, but fails to include a description for that CVE id. The tracker page [4] refers to that CVE id as well, and indeed it seems that this CVE id is about iceweasel. If this CVE id is really fixed by DSA-2268-1, then I think that the tracker is consistent with the DSA. Otherwise, please fix the tracker data. [1] http://lists.debian.org/debian-security-announce/2011/msg00139.html [2] http://packages.qa.debian.org/i/iceweasel.html [3] http://security.debian.org/debian-security/pool/updates/main/i/iceweasel/ [4] http://security-tracker.debian.org/tracker/DSA-2268-1 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpCa6s04KwFb.pgp Description: PGP signature