Hi all! DSA 1327-1[1] states that CVE-2007-2838 is fixed in etch with version 0.1.4-2etch1 of gsambad, while could be still unfixed in sid.
However, the tracker page for this DSA[2] seems to be a bit strange: | Debian/oldstable not known to be vulnerable | Debian/stable not known to be vulnerable | Debian/testing not known to be vulnerable | Debian/unstable not known to be vulnerable but at the bottom the correct version info seems to be shown: | Package Type Release Fixed Version Urgency Origin Debian Bugs | gsamba unknown etch 0.1.4-2etch1 unknown Similarly awkward data are shown in the tracker page for the vulnerability[3]: | Source Package Release Version Status | gsambad (PTS) etch 0.1.4-2 vulnerable | etch (security) 0.1.4-2etch1 vulnerable | lenny 0.1.5-5 vulnerable | sid 0.1.6-1 vulnerable but: | Package Type Release Fixed Version Urgency Origin Debian Bugs | gsamba unknown etch 0.1.4-2etch1 unknown DSA-1327-1 | gsambad source (unstable) 0.1.6-2 unknown 431331 What's wrong? Is this an inconsistency? [1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00088.html [2] http://security-tracker.debian.net/tracker/DSA-1327-1 [3] http://security-tracker.debian.net/tracker/CVE-2007-2838 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpAPXzSR7RK2.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
