Francesco Poli
2007-Mar-30 23:37 UTC
[Secure-testing-team] CVE-2007-0002, -0238, and -0239 are fixed in testing-security, aren''t they?
Hi! I noticed something strange on the security bug tracker[1]. The testing status page still lists three openoffice.org vulnerabilities (CVE-2007-0002, -0238, and -0239) as "fixed in unstable". On the other hand, DSA 1270-2 claims[3] that those same vulnerabilities are fixed by version 2.0.4.dfsg.2-5etch1, which is currently provided by debian-security testing/updates. I think these three vulnerabilities should be listed as "fixed in testing-security". Or am I wrong? [1] http://security-tracker.debian.net/tracker/ [2] http://security-tracker.debian.net/tracker/status/release/testing [3] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00029.html -- http://frx.netsons.org/doc/nanodocs/etch_workstation_install.html Need to read a Debian etch installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070331/eccbb595/attachment.pgp
Francesco Poli
2007-Mar-30 23:43 UTC
[Secure-testing-team] Re: CVE-2007-0002, -0238, and -0239 are fixed in testing-security, aren''t they?
On Sat, 31 Mar 2007 00:53:15 +0200 Francesco Poli wrote:> Hi![...] I forgot to say: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/etch_workstation_install.html Need to read a Debian etch installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070331/8440a06d/attachment.pgp
Florian Weimer
2007-Apr-01 10:11 UTC
[Secure-testing-team] CVE-2007-0002, -0238, and -0239 are fixed in testing-security, aren''t they?
* Francesco Poli:> I think these three vulnerabilities should be listed as "fixed in > testing-security". > Or am I wrong?No, I think we missed the uploads to testing-proposed-updates. Fixed.
Francesco Poli
2007-Apr-01 10:28 UTC
[Secure-testing-team] CVE-2007-0002, -0238, and -0239 are fixed in testing-security, aren''t they?
On Sun, 01 Apr 2007 12:10:53 +0200 Florian Weimer wrote:> * Francesco Poli: > > > I think these three vulnerabilities should be listed as "fixed in > > testing-security". > > Or am I wrong? > > No, I think we missed the uploads to testing-proposed-updates. Fixed.Ah, OK. Thanks for maintaining the Security Bug Tracker: I think it''s a really useful resource! :-) -- http://frx.netsons.org/doc/nanodocs/etch_workstation_install.html Need to read a Debian etch installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070401/8316cdf4/attachment.pgp