Hi again! Is the tracker[1] consistent with DSA 1301-1?
The DSA[2] states that CVE-2007-2356 is: * fixed by version 2.2.6-1sarge2 in sarge * fixed by version 2.2.13-1etch1 in etch * fixed by version 2.2.14-2 in sid The tracker seems to disagree, though. The vulnerability[3] is claimed to be present in versions 2.2.6-1sarge2 and 2.2.13-1etch1. The tracker seems to correctly know which versions are in which Debian branch, hence I don't think that the problem lies in delayed fetch of Packages.gz... What's wrong? [1] http://security-tracker.debian.net/tracker/ [2] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00061.html [3] http://security-tracker.debian.net/tracker/CVE-2007-2356 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpttoz4bmXlS.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
