Secure testing team - Jun 2006 - Yet another question about the tracker

Hi again!

Many vulnerabilities are listed in [1] for kernel-source-2.6.8.
On the other hand, DSA-1103-1 (which is listed as well) claims that
all of them but the first one (CVE-2005-2873) are fixed in
version 2.6.8-*sarge3 (available in the security.debian.org repository).
What''s wrong?
Shouldn''t these vulnerabilities be absent from [1]?

[1] http://idssi.enyo.de/tracker/status/release/stable



P.S.: Please go on Cc:ing me, as I am not a subscriber of this list.
Thanks!

-- 
    :-(   This Universe is buggy! Where''s the Creator''s BTS?  
;-)
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060629/9f4b7fb6/attachment.pgp

* Francesco Poli:
> Hi again!
>
> Many vulnerabilities are listed in [1] for kernel-source-2.6.8.
> On the other hand, DSA-1103-1 (which is listed as well) claims that
> all of them but the first one (CVE-2005-2873) are fixed in
> version 2.6.8-*sarge3 (available in the security.debian.org repository).
> What''s wrong?
> Shouldn''t these vulnerabilities be absent from [1]?
>
> [1] http://idssi.enyo.de/tracker/status/release/stable
Uhm, they aren''t listed?  Perhaps the database was out of date.  There
is some delay between the DSA, the commit to the secure-testing SVN
repository, and the database update (the computation takes about 6
minutes at the moment).

> > Many vulnerabilities are listed in [1] for kernel-source-2.6.8.
> > On the other hand, DSA-1103-1 (which is listed as well) claims
> > that all of them but the first one (CVE-2005-2873) are fixed in
>
> Uhm, they aren''t listed?  Perhaps the database was out of date. 
> There is some delay between the DSA, the commit to the
> secure-testing SVN repository, and the database update (the
> computation takes about 6 minutes at the moment).
The commit was  2006-06-27 14:35:55 +0000, two days before Francesco''s 
mail. Maybe the commit notification mail was delayed (I assume the 
database update is triggered by the commit mail?).

Stefan

On Fri, 30 Jun 2006 21:02:00 +0200 Stefan Fritsch wrote:
> > > Many vulnerabilities are listed in [1] for kernel-source-2.6.8.
> > > On the other hand, DSA-1103-1 (which is listed as well) claims
> > > that all of them but the first one (CVE-2005-2873) are fixed in
> >
> > Uhm, they aren''t listed?  Perhaps the database was out of
date.
> > There is some delay between the DSA, the commit to the
> > secure-testing SVN repository, and the database update (the
> > computation takes about 6 minutes at the moment).
> 
> The commit was  2006-06-27 14:35:55 +0000, two days before
Francesco''s
> mail. Maybe the commit notification mail was delayed (I assume the 
> database update is triggered by the commit mail?).
I confirm that now those vulnerabilities are not listed anymore.
But be sure they were there when I sent my message, I checked!  ;-) 


-- 
    :-(   This Universe is buggy! Where''s the Creator''s BTS?  
;-)
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060630/77b638db/attachment.pgp