Hi everyone again! :)
There''s something I cannot quite understand about
http://idssi.enyo.de/tracker/status/release/stable
On that status page there are two rows about mpg123:
mpg123 (non-free) CVE-2006-1655
DSA-1074-1
There first one refers to a vulnerability, while the second one refers
to the DSA that claims to fix that same vulnerability.
:-?
I thought that a vulnerability should disappear from the *stable* status
page, once it''s fixed in security.debian.org...
At least, it seems that every other hole that was fixed in s.d.o and got
a DSA is not shown in the status page anymore.
Is this one special? Why?
--
:-( This Universe is buggy! Where''s the Creator''s BTS?
;-)
......................................................................
Francesco Poli GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060626/8ceac1c1/attachment.pgp
Francesco Poli wrote:> Hi everyone again! :) > > There''s something I cannot quite understand about > http://idssi.enyo.de/tracker/status/release/stable > On that status page there are two rows about mpg123: > > mpg123 (non-free) CVE-2006-1655 > DSA-1074-1 > > There first one refers to a vulnerability, while the second one refers > to the DSA that claims to fix that same vulnerability. > :-? > I thought that a vulnerability should disappear from the *stable* status > page, once it''s fixed in security.debian.org... > At least, it seems that every other hole that was fixed in s.d.o and got > a DSA is not shown in the status page anymore. > Is this one special? Why?The tracker doesn''t process the sources.list from non-free yet. Cheers, Moritz
On Mon, 26 Jun 2006 19:49:05 +0200 Moritz Muehlenhoff wrote:> Francesco Poli wrote: > > Hi everyone again! :)[...]> > mpg123 (non-free) CVE-2006-1655 > > DSA-1074-1[...]> > Is this one special? Why? > > The tracker doesn''t process the sources.list from non-free yet.Ah, that is why! Thanks for clarifying... -- :-( This Universe is buggy! Where''s the Creator''s BTS? ;-) ...................................................................... Francesco Poli GnuPG Key ID = DD6DFCF4 Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060627/8e5dac32/attachment.pgp