On Mon, 19 Jun 2006 22:36:11 +0200 Francesco Poli wrote: > On Sun, 18 Jun 2006 10:20:38 +0200 Florian Weimer wrote: > > > * Francesco Poli: > > > > > Here's the first discrepancy I found: > > > > > > * blender 2.40-1 needed, have 2.37a-1.1 for CVE-2005-4470 > > > > There was a typo in the DTSA file. The output should be fixed soon. > > Now it reads: > > * blender 2.37a-1.1etch1 needed, have 2.37a-1.1 for DTSA-29-1 > > Mmmh, it should qualify as "fixed in secure-testing archive" in the > bottom summary, but it doesn't. > I'm afraid that this is not the Right Way(TM) to mark it as > fixed with DTSA-something... :-(
Another possible misuse of this same kind of tag: * egroupware 1.2-1.dfsg-1 needed, have 1.0.0.009.dfsg-3-4 for CVE-2006-2016 Unfortunately, the testing migration tracker[1] says that "egroupware has the latest version in testing (1.0.0.009.dfsg-3-4)" If you look at packages.qa.d.o[2], you see that all 1.2-* versions were uploaded to experimental, rather than to unstable. This explains why no migration to testing is currently on the way. OK. But then, considering this hole as "fixed in unstable but not testing" does not seem to be correct! This hole should be marked as unfixed, or, at best, as "fixed in experimental" (but I don't see this category in the bottom summary of the testing security holes page[3]...) [1] http://bjorn.haxx.se/debian/testing.pl?package=egroupware [2] http://packages.qa.debian.org/e/egroupware.html [3] http://spohr.debian.org/~joeyh/testing-security.html -- :-( This Universe is buggy! Where's the Creator's BTS? ;-) ...................................................................... Francesco Poli GnuPG Key ID = DD6DFCF4 Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpZE9cBk81Fi.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
