Hi all! DSA 1332-1[1] states that three vulnerabilities (CVE-2007-3316 CVE-2007-3467 CVE-2007-3468) are fixed in sid by vlc version 0.8.6.c-1, as the buglog[2] seems to confirm.
However, the tracker pages for those vulnerabilities[3][4][5] seem to
have a typo in the version info:
| Package Type Release Fixed Version Urgency
Origin Debian Bugs
| vlc source (unstable) 0.8.6.c.debian-1 unimportant
429726
| vlc source etch 0.8.6-svn20061012.debian-5etch1 unknown
DSA-1332-1
| vlc source sarge 0.8.1.svn20050314-1sarge3 unknown
DSA-1332-1
Is this an inconsistency?
[1]
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00093.html
[2] http://bugs.debian.org/429726
[3] http://security-tracker.debian.net/tracker/CVE-2007-3316
[4] http://security-tracker.debian.net/tracker/CVE-2007-3467
[5] http://security-tracker.debian.net/tracker/CVE-2007-3468
P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpqp5d2L05Wx.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
