Bug#992159: security-tracker: DSA-4957-1 vs. tracker

2021-08-14 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi everyone! In [DSA-4957-1], a number of CVEs are listed as fixed in trafficserver for buster: CVE-2021-27577 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474 CVE-2021-32565 . However, the last one [CVE-2021-32565] is not present in the corresponding [DSA

Bug#988823: security-tracker: DSA-4917-1 vs. tracker

2021-05-19 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everyone! According to [DSA-4917-1], a number of CVEs are fixed in chromium for buster: CVE-2021-30506 ÷ CVE-2021-30520. The tracker [DSA page] agrees on that, but also refers to [CVE-2021-3051], which is not mentioned in the DSA. [DSA-4917-1]:

Bug#959231: Bug#929228: Bug#959231: security-tracker: Proxy Error on CVE-2020-11565 tracker page

2020-05-01 Thread Francesco Poli
boratory! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#959231: security-tracker: Proxy Error on CVE-2020-11565 tracker page

2020-05-01 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! I noticed that the tracker page for [CVE-2020-11565] fails to display and returns the following error: | Proxy Error | | The proxy server received an invalid response from an upstream server. | The proxy server could not handle the request | |

Bug#947686: security-tracker: DSA-4595-1 vs. tracker

2019-12-29 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everyone! According to [DSA-4595-1], CVE-2019-3467 is fixed in debian-lan-config for stretch and buster. However, the tracker [CVE page] does not seem to be linked to the [DSA page], thus failing to show the correct fixed versions for debian-lan-c

Bug#905304: security-tracker: DSA-4259-1 vs. tracker

2018-08-02 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! According to [DSA-4259-1], ruby2.3/2.3.3-1+deb9u3 fixes a number of vulnerabilities, among which CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, and CVE-2018-6914. However, the tracker pages for [CVE-2017-17405], [CVE-2017-17742], [CVE-2017-17790

Bug#903816: security-tracker: CVE-2017-17689 vs. tracker

2018-07-15 Thread Francesco Poli
631]... [CVE-2017-17689]: <https://security-tracker.debian.org/tracker/CVE-2017-17689> [#898631]: <https://bugs.debian.org/898631> -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..... Francesc

Bug#903816: security-tracker: CVE-2017-17689 vs. tracker

2018-07-15 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everyone! According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes CVE-2017-17689 in stretch (security), among other vulnerabilities. However the tracker page for [CVE-2017-17689] seems to disagree, while, on the other hand, referencing bug [

Re: RC bugs with wrong tracking info for wpa?

2017-10-16 Thread Francesco Poli
On Mon, 16 Oct 2017 23:17:01 +0200 Moritz Mühlenhoff wrote: > On Mon, Oct 16, 2017 at 07:47:57PM +0200, Francesco Poli wrote: > > Should I just trust my intuition and fix the version tracking info of > > those three RC bugs, as said in my message? > > Yes. Done,

RC bugs with wrong tracking info for wpa?

2017-10-16 Thread Francesco Poli
Thanks for your time and for any help you may provide. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#850728: security-tracker: DSA-3756-1 vs. tracker

2017-01-09 Thread Francesco Poli
ed to various CNAs leading to the 5000s > > being currently assigned. > > Indeed, closing. Thanks for clarifying. I stand corrected, sorry for the noise! Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! .....

Bug#850728: security-tracker: DSA-3756-1 vs. tracker

2017-01-09 Thread Francesco Poli
Package: security-tracker Severity: normal Hello everyone! DSA-3756-1 [1] claims to talk about CVE-2017-5208 [2], but the CVE official list seems to know nothing about it [3]. Actually, have *so many* vulnerabilities been already indexed in the just started year 2017 ?!? Is this a typo? Which is

Bug#813878: security-tracker: DSA-3464-1 vs. tracker

2016-02-06 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi everyone! DSA-3464-1 [1] states that several vulnerabilities are fixed in rails/2:4.2.5.1-1 for sid, but the tracker claims that two of them [2][3] are still unfixed in sid. Is the DSA wrong or should the tracker data be updated? Please clarify, than

Bug#803591: security-tracker: DSA-3381-1 vs. tracker

2015-10-31 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody! DSA-3381-1 [1] states that several vulnerabilities are fixed in openjdk-7/7u85-2.6.1-5 for sid, but the tracker [2] claims that many of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 . Is that a typo in the DSA or should

Bug#792050: security-tracker: DSA-330[67]-1 vs. tracker

2015-07-10 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi everybody! The tracker pages [1][2] for DSA-3306-1 [3] and DSA-3307-1 [4] do not seem to be linked with CVE-2015-1868 [5], which, according to the tracker, seems to be fixed everywhere, while the DSAs [3][4] seem to disagree. Please fix the tracker d

Bug#789490: security-tracker: DSA-3290-1 vs. tracker

2015-06-21 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! DSA-3290-1 [1] states that CVE-2015-3636 is fixed in linux/3.16.7-ckt11-1, but the tracker shows somewhat self-inconsistent information about this vulnerability [2], claiming that linux/3.16.7-ckt11-1 is fixed in jessie, but vulnerable in stretch,

Bug#788685: security-tracker: DSA-3288-1 vs. tracker

2015-06-14 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! There seems to be no tracker page [1] for DSA-3288-1 [2], yet. Please update the tracker data. Thanks for your time! [1] https://security-tracker.debian.org/tracker/DSA-3288-1 [2] https://lists.debian.org/debian-security-announce/2015/msg00183.h

Bug#783491: security-tracker: document what needs to be done on releases and other archive changes

2015-05-05 Thread Francesco Poli
second to lose! To the laboratory! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#783491: security-tracker: document what needs to be done on releases and other archive changes

2015-05-04 Thread Francesco Poli
On Fri, 1 May 2015 11:20:26 +0200 Francesco Poli wrote: [...] > The tracker situation still seems to be broken to me... Still broken... -- http://www.inventati.org/frx/ There's not a second to lose! To the laboratory! ..... France

Bug#783491: security-tracker: document what needs to be done on releases and other archive changes

2015-05-01 Thread Francesco Poli
On Mon, 27 Apr 2015 19:59:16 +0200 Holger Levsen wrote: [..] > On Montag, 27. April 2015, Francesco Poli wrote: [...] > > I am asking since I still see a tracker situation inconsistent with the > > release of jessie. > > I'd suggest to let this post-release situation

Bug#783491: security-tracker: document what needs to be done on releases and other archive changes

2015-04-27 Thread Francesco Poli
http://www.inventati.org/frx/ fsck is a four letter word... . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#777456: security-tracker: DSA-2978-2 vs. tracker

2015-02-08 Thread Francesco Poli
t's unfortunate that it cannot be easily fixed after publication... Bye, and thanks for the explanation. -- http://www.inventati.org/frx/ fsck is a four letter word... ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3

Bug#777458: security-tracker: DSA-3156-1 vs. tracker

2015-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi again, DSA-3156-1 [1] states that CVE-2013-6933 is fixed in wheezy by vlc/2.0.3-5+deb7u2+b1 and mplayer/2:1.0~rc4.dfsg1+svn34540-1+deb7u1 . The CVE tracker page [2] seems to be unaware of these two fixed versions for vlc and mplayer. I don't know whet

Bug#777456: security-tracker: DSA-2978-2 vs. tracker

2015-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello again, there seems to be a typo in the tracker page for CVE-2014-3660 [1]: it states that the vulnerability is fixed in jessie by libxml2/2.9.1+dfsg1-5 , while DSA-2978-2 [2] says that the fixed version is 2.9.1+dfsg1-4 ... Please fix the tracker d

Bug#777454: security-tracker: DSA-3155-1 vs. tracker

2015-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody, there seems to be something weird going on. The tracker page [1] for DSA-3155-1 [2] looks OK: it states that the vulnerabilities are fixed in wheezy by postgresql-9.1/9.1.15-0+deb7u1 (in agreement with the DSA itself). On the other hand

Bug#776878: security-tracker: DSA-3149-1 vs. tracker

2015-02-02 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi, the tracker page [1] for DSA-3149-1 [2] seems to lack the link to the relevant CVE [3]. Please fix the tracker data. Thanks for your time. [1] https://security-tracker.debian.org/tracker/DSA-3149-1 [2] https://lists.debian.org/debian-security-announ

Bug#776718: security-tracker: DSA-3146-1 vs. tracker

2015-01-31 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, the tracker page [1] for DSA-3146-1 [2] seems to lack the links to the relevant CVEs [3][4]. Please update the tracker data. Thanks for your time. [1] https://security-tracker.debian.org/tracker/DSA-3146-1 [2] https://lists.debian.org/debian-secu

Bug#776224: security-tracker: DSA-3139-1 vs. tracker

2015-01-25 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody, the tracker page [1] for DSA-3139-1 [2] seems to lack the link to CVE-2014-3609 [3]. Please fix the tracker data. Thanks for your time! [1] https://security-tracker.debian.org/tracker/DSA-3139-1 [2] https://lists.debian.org/debian-secu

Bug#773842: security-tracker: DSA-3110-1 vs. tracker

2014-12-23 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello. Another DSA [1] seems to lack an epoch in the stable fixed version. The tracker data [2] should be fixed. [1] https://lists.debian.org/debian-security-announce/2014/msg00303.html [2] https://security-tracker.debian.org/tracker/DSA-3110-1 P.S.: T

Bug#773322: security-tracker: DSA-3104-1 vs. tracker

2014-12-16 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! DSA-3104-1 [1] states, in part: | An older security vulnerability, CVE-2004-2771, had already | been addressed in the Debian's bsd-mailx package. However, the tracker [2] seems to disagree, as it claims that all versions of bsd-mailx in Debian

Bug#773100: security-tracker: DSA-3100-1 vs. tracker

2014-12-14 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! DSA-3100-1 [1] seems to lack an epoch in the stable fixed version. The tracker reflects the DSA [2]: please fix the tracker data! Thanks for your time. [1] https://lists.debian.org/debian-security-announce/2014/msg00290.html [2] https://securit

Bug#772775: security-tracker: DSA-3095-1 vs. tracker

2014-12-10 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! It seems to me that DSA-3095-1 [1] lacks an epoch in the stable fixed version. The tracker reflects the DSA [2]: please fix the tracker data! Thanks for your time. [1] https://lists.debian.org/debian-security-announce/2014/msg00285.html [2] http

Bug#771121: security-tracker: often returns "502 Proxy Error"

2014-11-30 Thread Francesco Poli
On Sat, 29 Nov 2014 11:41:09 +0100 Florian Weimer wrote: > * Francesco Poli: > > > I have been experiencing frequent issues with the web interface of the > > security tracker for some weeks [...] > I think I may have fixed this in r30431, at least for the time being. H

Bug#771121: security-tracker: often returns "502 Proxy Error"

2014-11-26 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: important Hello everybody! I have been experiencing frequent issues with the web interface of the security tracker for some weeks and I am still experiencing them: when visiting the tracker pages [1], I often get the following error message in my browser: | Pr

Bug#767654: security-tracker: DSA-3061-1 vs. tracker

2014-11-02 Thread Francesco Poli
Control: reopen -1 On Sun, 2 Nov 2014 15:28:40 +0100 Salvatore Bonaccorso wrote: > Hi Francesco, Hi Salvatore! > > On Sat, Nov 01, 2014 at 06:32:03PM +0100, Francesco Poli (wintermute) wrote: [...] > > Please update the tracker data. > > Thanks for your time! > >

Bug#767654: security-tracker: DSA-3061-1 vs. tracker

2014-11-01 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! DSA-3061-1 [1] states that several vulnerabilities are fixed in sid by icedove/31.2.0-1, but the tracker [2] seems to disagree (claiming that sid is still unfixed). [1] https://lists.debian.org/debian-security-announce/2014/msg00249.html [2] http

Bug#766412: security-tracker: DSA-3049-1 vs. tracker

2014-10-22 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody! DSA-3049-1 [1] states that several vulnerabilities are fixed in sid and jessie by wireshark/1.12.1+g01b65bf-1, but the tracker [2] seems to disagree for CVE-2014-6422 (which is claimed to still affect both sid and jessie). [1] https://li

Bug#763074: security-tracker: DSA-3037-1 vs. tracker

2014-09-27 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! I am under the impression that DSA-3037-1 [1] has a typo in the version that fixes CVE-2014-1568 for stable. The correct version number seems [2] to be 24.8.1-1~deb7u1 (even though the changelog seems to have a typo in the CVE number: it's CVE-20

Bug#755949: security-tracker: DSA-2986-1 vs. tracker

2014-07-24 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! DSA-2986-1 [1] states that a number of vulnerabilities are fixed in sid by iceweasel/31.0-1, but the tracker [2] seems to disagree for CVE-2014-1544 (which is claimed to still affect sid). [1] https://lists.debian.org/debian-security-announce/201

Bug#755800: Acknowledgement (bogus urgency field from security-tracker)

2014-07-23 Thread Francesco Poli
tp://www.inventati.org/frx/ fsck is a four letter word... . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#752110: security-tracker: DSA-2962-1 vs. tracker

2014-06-19 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody! DSA-2962-1 [1] states that CVE-2014-1545 is fixed in sid by nspr/2:4.10.6-1, but the tracker [2] seems to disagree (it currently claims that sid is still vulnerable). [1] https://lists.debian.org/debian-security-announce/2014/msg00143.h

Bug#749082: security-tracker: DSA-2935-1 vs. tracker

2014-05-23 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello all! It seems to me that the tracker data [1] for DSA-2935-1 [2] misses an epoch in the wheezy fixed version of package libgadu. [1] https://security-tracker.debian.org/tracker/DSA-2935-1 [2] https://lists.debian.org/debian-security-announce/2014/m

Bug#743246: security-tracker: DSA-2893-1 vs. tracker

2014-03-31 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello again! The tracker data [1] for DSA-2893-1 [2] seems to miss an epoch for both fixed versions of package openswan. [1] https://security-tracker.debian.org/tracker/DSA-2893-1 [2] https://lists.debian.org/debian-security-announce/2014/msg00067.html

Bug#743046: security-tracker: DSA-2891-1 vs. tracker

2014-03-30 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! The tracker data [1] for DSA-2891-1 [2] seems to miss an epoch for the wheezy fixed version of package mediawiki. [1] https://security-tracker.debian.org/tracker/DSA-2891-1 [2] https://lists.debian.org/debian-security-announce/2014/msg00064.html

Bug#738584: security-tracker: DSA-2858-1 vs. tracker

2014-02-10 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello all, DSA-2858-1 [1] states that several vulnerabilities have been fixed in sid by iceweasel/24.3.0esr-1, but the tracker disagrees for two of them [2][3] (the tracker claims that sid is still vulnerable). [1] https://lists.debian.org/debian-securit

Bug#738202: security-tracker: DSA-2856-1 vs. tracker

2014-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, DSA-2856-1 [1] states that CVE-2014-0050 is fixed in oldstable and stable security updates for libcommons-fileupload-java. [1] https://lists.debian.org/debian-security-announce/2014/msg00026.html The tracker seems to agree on its DSA page [2], bu

Re: About testing security team [was: Re: Bug#683986: marked as done (security-tracker: automated testing announcement emails)]

2014-02-08 Thread Francesco Poli
On Sat, 8 Feb 2014 12:46:27 +0100 Moritz Mühlenhoff wrote: > On Sat, Feb 08, 2014 at 12:09:49PM +0100, Francesco Poli wrote: > > On Sat, 08 Feb 2014 11:53:50 +0100 Moritz Mühlenhoff wrote: > > > > [...] > > > there's no longer a testing security team > >

About testing security team [was: Re: Bug#683986: marked as done (security-tracker: automated testing announcement emails)]

2014-02-08 Thread Francesco Poli
document! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#735939: security-tracker: DSA-2846-1 vs. tracker

2014-01-18 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody, DSA-2846-1 [1] says that two vulnerabilities have been fixed in sid by libvirt/1.2.1-1 . The tracker seems to agree for CVE-2014-1447, but not for CVE-2013-6458, which is claimed to be still present in sid [2]. I think the tracker data

Bug#732575: security-tracker: DSA-2822-1 vs. tracker

2013-12-18 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! It seems to me that the squeeze and wheezy fixed versions of xorg-server are missing an epoch in DSA-2822-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00236.html [2] https://security-tracker.debian.org/tracker/DSA-2822-

Bug#731779: security-tracker: DSA-2812-1 vs. tracker

2013-12-09 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, there seems to be a missing epoch in the squeeze and wheezy fixed versions of samba for DSA-2812-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00226.html [2] https://security-tracker.debian.org/tracker/DSA-2812-1 Could y

Bug#730075: security-tracker: DSA-2797-1 (chromium-browser) vs. tracker

2013-11-20 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi everybody, now that the security tracker repository on alioth is back online, several recent DSAs are visible on the tracker. Thanks. I noticed that, unfortunately, there seem to be *two* DSA-2797-1 with conflicting name. One for chromium-browser [1]

Bug#721660: security-tracker: DSA-2749-1 vs. tracker

2013-09-02 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all, it seems to me that there's a missing epoch in the wheezy fixed version of asterisk for DSA-2749-1 [1][2]. [1] https://lists.debian.org/debian-security-announce/2013/msg00160.html [2] https://security-tracker.debian.org/tracker/DSA-2749-1 Please

Bug#718170: security-tracker: DSA-2728-1 vs. tracker

2013-07-28 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody, it seems to me that there is no tracker page [1] for DSA-2728-1 [2]. Please update the tracker. Thanks for your time. [1] https://security-tracker.debian.org/tracker/DSA-2728-1 [2] https://lists.debian.org/debian-security-announce/2013/

Bug#717103: security-tracker: DSA-2722-1 vs. tracker

2013-07-16 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi, DSA-2722-1 [1] says that many vulnerabilities have been fixed for sid in openjdk-7/7u25-2.3.10-1 . The tracker seems to agree for all the vulnerabilities but CVE-2013-2454, which is claimed to be still present in sid [2]. Is that an oversight? Pleas

Bug#710056: security-tracker: some release pages fail to display with "Proxy Error"

2013-05-27 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: important Hello everybody. I've just noticed that some release pages no longer work and return a "Proxy Error" instead. For instance: https://security-tracker.debian.org/tracker/status/release/unstable?show_undetermined_urgency=1 currently displays: | Proxy Er

Bug#709894: security-tracker: DSA-2694-1 vs. tracker

2013-05-26 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello again, there seems to be no tracker page [1] for DSA-2694-1 [2]. Please update the tracker data. Thanks again for your time! [1] https://security-tracker.debian.org/tracker/DSA-2694-1 [2] https://lists.debian.org/debian-security-announce/2013/msg0

Bug#709893: security-tracker: DSA-2692-1 vs. tracker

2013-05-26 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, DSA-2692-1 [1] says that CVE-2013-2001 has been fixed for sid in libxxf86vm/1:1.1.2-1+deb7u1 . On the other hand, the tracker [2] seems to disagree: it currently claims that the fixed version for unstable is 2:1.1.3-2+deb7u1 ... Is that a typo? P

Bug#703002: security-tracker: DSA-2643-1 vs. tracker

2013-03-13 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi, DSA-2643-1 [1] states that several vulnerabilities have been fixed for sid in puppet/2.7.18-3 . The tracker seems to agree on all the corresponding CVE pages, but one! Namely, CVE-2013-2274 [2] seems to be still considered unfixed for sid. Which is w

Bug#700770: security-tracker: DSA-2624-1 vs. tracker

2013-02-17 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, DSA-2624-1 [1] states that a number of vulnerabilities have been fixed for squeeze in ffmpeg/4:0.5.10-1 . The tracker seems to agree on its corresponding DSA page [2] and on *some* of the corresponding CVE pages. However, three vulnerabilities [3][

Bug#700115: security-tracker: DSA-2618-1 vs. tracker

2013-02-08 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, it seems to me that an epoch is missing from the squeeze fixed version of package ircd-hybrid in the tracker page [1] for DSA-2618-1 [2]. Please fix the tracker data. Thanks for your time! [1] https://security-tracker.debian.org/tracker/DSA-2618-

Bug#699605: security-tracker: DSA-2614-1,DSA-2615-1 vs. tracker

2013-02-02 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all, DSA-2614-1 [1] and DSA-2615-1 [2] state that several vulnerabilities have been fixed in sid by libupnp/1:1.6.17-1.2 and by libupnp4/1.8.0~svn20100507-1.2 . However, the tracker seems to disagree [3][4][5][6][7][8][9][10] (it still claims that unst

Bug#694663: security-tracker: DSA-2578-1 vs. tracker

2012-11-28 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, although DSA-2578-1 [1] has been recently issued, the tracker still seems to be unaware of it [2]. Please update the tracker data. Thanks! [1] https://lists.debian.org/debian-security-announce/2012/msg00221.html [2] http://security-tracker.debi

Re: Where is typo3-src/4.3.9+dfsg1-1+squeeze7 ?

2012-11-17 Thread Francesco Poli
ent! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Where is typo3-src/4.3.9+dfsg1-1+squeeze7 ?

2012-11-17 Thread Francesco Poli
-2574-1 -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#690807: security-tracker: DSA-2559-1 vs. tracker

2012-10-17 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all, DSA-2559-1 [1] was issued, but the tracker seems to know nothing about it [2] yet. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00203.html [2] http://security-tracker.debian

Bug#689977: security-tracker: DSA-2557-1 vs. tracker

2012-10-08 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi everyone! it seems to me that the tracker page [1] for DSA-2557-1 [2] has a fixed version for stable that lacks the epoch (it should be 1:0.6.10-2+squeeze1, rather than 0.6.10-2+squeeze1). Please fix the tracker data. Thanks for your time! [1] http:/

Bug#685843: security-tracker: DSA-2533-1 vs. tracker

2012-08-25 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, DSA-2533-1 [1] states that four vulnerabilities are fixed in sid by pcp/3.6.5 The tracker [2][3][4][5] seems to disagree. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00174.h

Bug#685280: security-tracker: DSA-2531-1 vs. tracker

2012-08-19 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, DSA-2531-1 has been recently issued [1], but the corresponding tracker page [2] is basically empty. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00172.html [2] http://security

Bug#684892: security-tracker: DSA-2527-1 vs. tracker

2012-08-14 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! DSA-2527-1 [1] states that two vulnerabilities are fixed in sid by php5/5.4.4-4, but the tracker seems to disagree on one of them, namely CVE-2012-3450 [2]. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debi

Re: The tracker is no longer updated

2012-08-06 Thread Francesco Poli
nuPG key, see the transition document! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

The tracker is no longer updated

2012-08-05 Thread Francesco Poli
-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Bug#683922: security-tracker: DSA-2521-1 vs. tracker

2012-08-05 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! DSA-2521-1 [1] has been recently issued, but the tracker [2] seems to be still unaware of it. Please update the tracker data. Thanks for your time! [1] https://lists.debian.org/debian-security-announce/2012/msg00162.html [2] http://security-tra

Bug#683921: security-tracker: DSA-2519-2 vs. tracker

2012-08-05 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi! DSA-2519-2 has been issued [1], stating that the previously announced security patches were not really applied to isc-dhcp/4.1.1-P1-15+squeeze5, an issue that has been fixed in isc-dhcp/4.1.1-P1-15+squeeze6. [1] https://lists.debian.org/debian-secur

Bug#683916: security-tracker: DSA-2520-1 vs. tracker

2012-08-05 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! DSA-2520-1 [1] and the corresponding tracker page [2] state that CVE-2012-2665 has been fixed in stable by openoffice.org/3.2.1-11+squeeze7. I believe that an epoch is missing, since the version number of the openoffice.org package currently in st

Bug#681524: closed by Michael Gilbert (Re: Bug#681524: security-tracker: DSA-2511-1 vs. tracker)

2012-07-17 Thread Francesco Poli
On Tue, 17 Jul 2012 01:09:03 + Debian Bug Tracking System wrote: > On Fri, Jul 13, 2012 at 5:28 PM, Francesco Poli (wintermute) wrote: [...] > > DSA-2511-1 [...] says that CVE-2012-386[4-7] are fixed in sid by > > puppet/2.7.18-1, but the tracker seems to disagree [...] >

Bug#681524: security-tracker: DSA-2511-1 vs. tracker

2012-07-13 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi! DSA-2511-1 [1] says that CVE-2012-386[4-7] are fixed in sid by puppet/2.7.18-1, but the tracker seems to disagree [2]. I suppose the DSA is right: if this is the case, please update the tracker data. Thanks for your time! [1] https://lists.debian.

Re: Question: where is zendframework/1.11.12-1

2012-07-04 Thread Francesco Poli
Bye. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Question: where is zendframework/1.11.12-1

2012-07-02 Thread Francesco Poli
oking? Could you please explain? Thanks for your time. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1

Bug#679563: security-tracker: DSA-2503-1 vs. tracker

2012-07-01 Thread Francesco Poli
On Fri, 29 Jun 2012 21:41:46 +0200 Florian Weimer wrote: > * Francesco Poli: > > > DSA-2503-1 [1] states that CVE-2012-3366 is fixed in sid by > > bcfg2/1.2.2-2, but the tracker [2] seems to disagree. > > > > I think that the DSA is probably right, since the BTS se

Bug#679563: security-tracker: DSA-2503-1 vs. tracker

2012-06-29 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody! DSA-2503-1 [1] states that CVE-2012-3366 is fixed in sid by bcfg2/1.2.2-2, but the tracker [2] seems to disagree. I think that the DSA is probably right, since the BTS seems to tell the same story [3]. Please update the tracker data. T

Bug#674737: security-tracker: DSA-2479-1 vs. tracker

2012-05-27 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! DSA-2479-1 [1] says that CVE-2011-3102 is fixed in sid by libxml2/2.7.8.dfsg-9.1, but the tracker [2] seems to disagree. Assuming that the DSA is right, please update the tracker data. Thanks for your time. [1] https://lists.debian.org/debian-

Bug#669286: security-tracker: DSA-2453-1 vs. tracker

2012-04-23 Thread Francesco Poli
On Mon, 23 Apr 2012 19:26:35 +0200 Moritz Mühlenhoff wrote: > On Wed, Apr 18, 2012 at 09:24:28PM +0200, Francesco Poli (wintermute) wrote: > > Package: security-tracker > > Severity: normal > > > > Hello, > > DSA-2453-1 [1] states that three vulnerabilities a

Bug#669286: security-tracker: DSA-2453-1 vs. tracker

2012-04-18 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello, DSA-2453-1 [1] states that three vulnerabilities are fixed in wheezy and sid by gajim/0.15-1, but the tracker seems to disagree regarding CVE-2012-2093 [2], which is still considered as unfixed in gajim/0.15-1 ... Please update the tracker data, a

Re: tracker not seeing security updates for stable?

2012-03-31 Thread Francesco Poli
On Fri, 30 Mar 2012 11:44:19 +0200 Yves-Alexis Perez wrote: > On jeu., 2012-03-29 at 00:30 +0200, Francesco Poli wrote: > > Hello everybody, > > it seems to me that the tracker stopped fetching info about package > > versions in "squeeze (security)". [...] >

tracker not seeing security updates for stable?

2012-03-28 Thread Francesco Poli

Bug#663236: security-tracker: DSA-2429-1 vs. tracker

2012-03-09 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody! DSA-2429-1 [1] says that a good number of vulnerabilities are fixed in sid by mysql-5.1/5.1.61-2 However, the tracker seems to disagree on one of them (CVE-2012-0119 [2]). Who's right and who's wrong? Please clarify and/or update the tr

Bug#658545: security-tracker: DSA-2401-1 vs. tracker

2012-02-03 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! DSA-2401-1 [1] claims that a number of referenced vulnerabilities are fixed in sid by tomcat6/6.0.35-1 However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3]) out of the 10 referenced ones are shown as not fixed in sid and wheezy on

Bug#657648: security-tracker: DSA-2394-1 vs. tracker

2012-01-27 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! The tracker page [1] for DSA-2394-1 [2] seems to be almost empty. Please fix the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2394-1 [2] http://lists.debian.org/debian-security-announce/2012/msg00018.htm

Bug#656124: security-tracker: DSA-2389-1 vs. tracker

2012-01-16 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello everybody! The tracker page [1] for DSA-2389-1 [2] seems to be almost empty. Please fix the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2389-1 [2] http://lists.debian.org/debian-security-announce/2012/ms

Bug#655960: security-tracker: DSA-2388-1 vs. tracker

2012-01-15 Thread Francesco Poli
On Sun, 15 Jan 2012 13:42:50 +0100 Yves-Alexis Perez wrote: > On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote: [...] > > Assuming that the DSA is right and the tracker is wrong, please > > fix this inconsistency. [...] > > You're perfectly right,

Bug#655960: security-tracker: DSA-2388-1 vs. tracker

2012-01-15 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi! The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still vulnerable in wheezy and sid, while the DSA [2] claims that all the CVEs are fixed in wheezy and sid by t1lib/5.

Bug#653278: security-tracker: DSA-237[23]-1 vs. tracker

2011-12-26 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi! There seem to be no tracker pages [1][2] for DSA-2372-1 [3] or for DSA-2373-1 [4]. Please update the tracker data. Thanks for your time! [1] http://security-tracker.debian.org/tracker/DSA-2372-1 [2] http://security-tracker.debian.org/tracker/DSA-23

Bug#653020: security-tracker: DSA-2370-1 vs. tracker

2011-12-22 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hello! Is there any special reason why the tracker page [1] for DSA-2370-1 [2] lacks the reference to one (CVE-2011-4528) of the two CVE ids mentioned in the DSA [2] itself? If this is just a mistake, please fix the tracker data. Thanks for your time!

Bug#652918: security-tracker: DSA-2368-1 vs. tracker

2011-12-21 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi! The tracker page [1] for DSA-2368-1 [2] seems to report a wrong fixed version for lenny (I guess it should be 1.4.19-5+lenny3 , rather than 1.4.19+lenny3), probably because the DSA [2] itself reports the same (seemingly wrong) version. Please fix th

Bug#652590: security-tracker: DSA-2364-1 vs. tracker

2011-12-18 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi! It seems to me that the tracker page [1] for DSA-2364-1 [2] misses the epoch in the squeeze fixed version (that should be 1:7.5+8+squeeze1, rather than 7.5+8+squeeze1). Please fix the tracker data. Thanks for your time! Actually, the epoch seems to

Bug#651603: security-tracker: DSA-2362-1 vs. tracker

2011-12-10 Thread Francesco Poli
On Sat, 10 Dec 2011 12:22:31 +0100 Francesco Poli (wintermute) wrote: [...] > It seems to me that the tracker page [1] for DSA-2362-1 [2] misses > the epoch in the squeeze fixed version (which should be 1:2.0.7-1squeeze3 > rather than 2.0.7-1squeeze3). This first issue seems to

Bug#651603: security-tracker: DSA-2362-1 vs. tracker

2011-12-10 Thread Francesco Poli (wintermute)
Package: security-tracker Severity: normal Hi all! It seems to me that the tracker page [1] for DSA-2362-1 [2] misses the epoch in the squeeze fixed version (which should be 1:2.0.7-1squeeze3 rather than 2.0.7-1squeeze3). Moreover, the DSA [2] says that CVE-2011-2777 does not affect oldstable, bu

Bug#650929: security-tracker: DSA-2357-1 vs. tracker

2011-12-05 Thread Francesco Poli
On Mon, 05 Dec 2011 13:16:41 +0100 Yves-Alexis Perez wrote: > On dim., 2011-12-04 at 16:00 +0100, Francesco Poli wrote: [...] > > The situation has improved significantly since I reported the > > inconsistency. > > Thanks a lot to whoever (silently) updated the tracker, if an

Bug#650929: security-tracker: DSA-2357-1 vs. tracker

2011-12-04 Thread Francesco Poli
On Sun, 04 Dec 2011 12:19:46 +0100 Francesco Poli (wintermute) wrote: [...] > Hi! > It seems to me that the tracker page [1] for DSA-2357-1 [2] is > fairly incomplete. [...] > [1] http://security-tracker.debian.org/tracker/DSA-2357-1 > [2] http://lists.debian.org/debian-securit
