Jon Daley on 2006-10-04 05:54:41 -0400:
> It looks to me that the top summary fields that say "not
vulnerable" are
> out of sync or something.
>
> Name CVE-2006-4925
> Source CVE (in NVD)
> Description packet.c in ssh in OpenSSH allows remote attackers to
> cause a denial ...
> Debian/stable not known to be vulnerable
> Debian/testing not known to be vulnerable
> Debian/unstable not known to be vulnerable
>
>
> And then the rest of the page says "vulnerable" everywhere,
without any
> fixes reported.
>
> I see the "That''s a non-issue" comment, so perhaps that
means it won''t
> be/doesn''t need to be fixed?
Valid question. Down at the bottom of the page, you''ll see its
urgency is ''unimportant''; ''unimportant''
issues are acknowledged and
tracked but not displayed along with other ones because they are,
well, unimportant. There isn''t an error in the website code; a
package isn''t considered vulnerable if it suffers from
''unimportant''
issues.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061004/c78357f5/attachment.pgp