Hi again! Is the tracker[1] consistent with DSA 1301-1? The DSA[2] states that CVE-2007-2356 is: * fixed by version 2.2.6-1sarge2 in sarge * fixed by version 2.2.13-1etch1 in etch * fixed by version 2.2.14-2 in sid The tracker seems to disagree, though. The vulnerability[3] is claimed to be present in versions 2.2.6-1sarge2 and 2.2.13-1etch1. The tracker seems to correctly know which versions are in which Debian branch, hence I don''t think that the problem lies in delayed fetch of Packages.gz... What''s wrong? [1] http://security-tracker.debian.net/tracker/ [2] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00061.html [3] http://security-tracker.debian.net/tracker/CVE-2007-2356 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070610/b26f8c69/attachment.pgp