Hi!

It seems that blender finally migrated to testing[1][2]: version 2.42a-4 is now both in unstable and testing.
Hence I think that the security bug tracker[3] should be updated, as it still states that etch has version 2.37a-1.1.

Consequently CVE-2005-4470[4] should not any longer be considered as fixed in testing-security, but as fixed in both unstable and testing...

[1] http://bjorn.haxx.se/debian/testing.pl?package=blender
[2] http://packages.qa.debian.org/b/blender.html
[3] http://security-tracker.debian.net/tracker/source-package/blender
[4] http://security-tracker.debian.net/tracker/CVE-2005-4470

BTW, many thanks for the great recent improvements in testing security: the unfixed vulnerability count has greatly dropped! Good job, it's really appreciated! :)

P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.

--
But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4

On Fri, Oct 27, 2006 at 10:09:12PM +0200, Francesco Poli wrote:
> Hi!
>
> It seems that blender finally migrated to testing[1][2]: version
> 2.42a-4 is now both in unstable and testing.
> Hence I think that the security bug tracker[3] should be updated,
> as it still states that etch has version 2.37a-1.1.

Hi there,

The tracker should automatically update itself. I'm not sure on the length of lag for this, but it will show the correct information at some point(tm) :P

Neil
--
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3

On Sat, 28 Oct 2006 14:54:47 +0100 Neil McGovern wrote:
> On Fri, Oct 27, 2006 at 10:09:12PM +0200, Francesco Poli wrote:
> > Hi!
> >
> > It seems that blender finally migrated to testing[1][2]: version
> > 2.42a-4 is now both in unstable and testing.
> > Hence I think that the security bug tracker[3] should be updated,
> > as it still states that etch has version 2.37a-1.1.
>
> Hi there,
>
> The tracker should automatically update itself. I'm not sure on the
> length of lag for this, but it will show the correct information at
> some point(tm) :P

Well, looking at the PTS[1], it seems that blender 2.42a-4 migrated to testing last Wednesday, while the tracker *still* shows outdated info...
Taking into account that today is Saturday, it looks like a fairly significant lag! :-/
What's wrong?

[1] http://packages.qa.debian.org/b/blender.html

--
But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4

On Saturday 28 October 2006 18:30, Francesco Poli wrote:
> Well, looking at the PTS[1], it seems that blender 2.42a-4 migrated
> to testing last Wednesday, while the tracker *still* shows outdated
> info... Taking into account that today is Saturday, it looks like a
> fairly significant lag! :-/
> What's wrong?

I think two things:
- The tracker does not update its data from svn (maybe because of the alioth reorganization, they are still missing one firewall hole).
- The tracker treats a package marked as ITP appearing in the archive as fatal error (and mplayer was uploaded last week). Therefore it doesn't even pull new package lists.

Maybe it gets fixed by alioth getting fixed or we need Florian to take a look, but he doesn't seem to be around ATM.

Cheers,
Stefan

On Mon, 30 Oct 2006 21:09:53 +0100 Stefan Fritsch wrote:
> On Saturday 28 October 2006 18:30, Francesco Poli wrote:
> > Well, looking at the PTS[1], it seems that blender 2.42a-4 migrated
> > to testing last Wednesday, while the tracker *still* shows outdated
> > info... Taking into account that today is Saturday, it looks like a
> > fairly significant lag! :-/
> > What's wrong?
>
> I think two things:
> - The tracker does not update its data from svn (maybe because of the
>   alioth reorganization, they are still missing one firewall hole).
> - The tracker treats a package marked as ITP appearing in the archive
>   as fatal error (and mplayer was uploaded last week). Therefore it
>   doesn't even pull new package lists.
>
> Maybe it gets fixed by alioth getting fixed or we need Florian to
> take a look, but he doesn't seem to be around ATM.

Well, I don't know which is the problem (if any), but it seems that the security bug tracker has gone on presenting the same data for more or less 5 days, so far...
I mean: not only as far as blender is concerned, but about pretty every and each listed vulnerability! :-/

--
But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4

On Mon, Oct 30, 2006 at 10:49:38PM +0100, Francesco Poli wrote:
> On Mon, 30 Oct 2006 21:09:53 +0100 Stefan Fritsch wrote:
> > Maybe it gets fixed by alioth getting fixed or we need Florian to
> > take a look, but he doesn't seem to be around ATM.
>
> Well, I don't know which is the problem (if any), but it seems that the
> security bug tracker has gone on presenting the same data for more or
> less 5 days, so far... I mean: not only as far as blender is concerned,
> but about pretty every and each listed vulnerability! :-/
>

Hrm, forgot about that. I think the updates are waiting on the firewall hole for alioth.

Cheers,
Neil
--
<Tincho> 'Maybe you can try to find a nice hotel by shouting in the Mexico DF streets "where could a gringo find a decent hotel in this dirty third world lame excuse for a country?". I'm sure the people will rush to help you, as we south americans love to be called third world in a demeaning way.'

* Stefan Fritsch:

> I think two things:
> - The tracker does not update its data from svn (maybe because of the
>   alioth reorganization, they are still missing one firewall hole).

Yeah, this was the main issue.

> - The tracker treats a package marked as ITP appearing in the archive
>   as fatal error (and mplayer was uploaded last week). Therefore it
>   doesn't even pull new package lists.

Correct. Furthermore, the Debian mirror used by the system had a few issues as well.

On Wed, 01 Nov 2006 21:46:36 +0100 Florian Weimer wrote:
> * Stefan Fritsch:
>
> > I think two things:
> > - The tracker does not update its data from svn (maybe because of
> >   the alioth reorganization, they are still missing one firewall
> >   hole).
>
> Yeah, this was the main issue.

I confirm that using the past is appropriate: now the tracker seems to present time-variant data again!

--
But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4