On Sat, Nov 10, 2007 at 07:35:38PM +0100, Thijs Kinkhorst wrote:
> Hi All,
>
> On Friday 9 November 2007 23:52, Francesco Poli wrote:
> > Hi all again!
> >
> > DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes
> > CVE-2007-4650 for etch.
> > The DSA page [2] seems to confirm this.
> >
> > However the CVE page [3] tells a different story: it states that version
> > 2.1.2-2.0.etch.1 is vulnerable.
> >
> > Is this a security-tracker internal inconsistency?
>
> I'm a bit confused by this. The tracker information now says:
>
> CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3
> allow ...)
> {DSA-1404-1}
> - gallery2 2.2.3-1
> [etch] - gallery2 unfixed (bug #441407)

Suite-specific unfixed entries should not be used for the exact reason
Francesco reported: The suite-specific tag overlays the general entry
set by the DSA/list data. It's also not necessary here, since
"- gallery2 2.2.3-1" marks all older versions implicitly as unfixed.

The few corner cases where suite-specific unfixed entries are useful are
cases where a source package has been renamed and is no longer present
in unstable.

Since it's not obvious, it should be added to the Tracker docs (unless it
exists already).

Cheers,
Moritz
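
The overlay described in this reply can be checked mechanically. The following is an added example, not part of the original thread and not the security tracker's own code: a small lint over the entry quoted above that reports when a suite-specific unfixed annotation shadows a fix recorded by a DSA, is merely redundant, or falls into the renamed-package corner case. The `DSA_FIXES` mapping, the function names and the finding labels are assumptions made for illustration.

```python
import re

# Constructed sample: the tracker entry as quoted in the thread.
CVE_ENTRY = """\
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...)
\t{DSA-1404-1}
\t- gallery2 2.2.3-1
\t[etch] - gallery2 unfixed (bug #441407)
"""
# Assumed shape for DSA-derived data: (suite, package) -> version fixed there.
DSA_FIXES = {("etch", "gallery2"): "2.1.2-2.0.etch.1"}

# "[suite] - package state"; the suite tag is optional (general entry).
ANNOTATION = re.compile(
    r"^\s*(?:\[(?P<suite>[\w-]+)\]\s+)?-\s+(?P<pkg>\S+)\s+(?P<state>\S+)")

def parse(entry):
    """Return [(suite or None, package, state)] for each package annotation."""
    notes = []
    for line in entry.splitlines():
        m = ANNOTATION.match(line)
        if m:
            # Accept both "unfixed" and an angle-bracketed "<unfixed>".
            notes.append((m["suite"], m["pkg"], m["state"].strip("<>")))
    return notes

def lint(entry, dsa_fixes):
    """Classify every suite-specific 'unfixed' annotation in one entry."""
    notes = parse(entry)
    general = {pkg for suite, pkg, _ in notes if suite is None}
    findings = []
    for suite, pkg, state in notes:
        if suite is None or state != "unfixed":
            continue
        if (suite, pkg) in dsa_fixes:
            # The annotation overlays the DSA fix: the suite shows as vulnerable.
            findings.append((suite, pkg, "shadows-dsa-fix", dsa_fixes[(suite, pkg)]))
        elif pkg in general:
            # The general entry already marks older versions as unfixed.
            findings.append((suite, pkg, "redundant", None))
        else:
            # No general entry for this name, e.g. renamed and gone from unstable.
            findings.append((suite, pkg, "ok", None))
    return findings

if __name__ == "__main__":
    for finding in lint(CVE_ENTRY, DSA_FIXES):
        print(finding)
```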