Francesco Poli
2007-Jun-18 21:17 UTC
[Secure-testing-team] DSA 1310-1 refers to wrong CVE in the tracker
Hi! It seems to me that the tracker DSA-1310-1 page[1] refers to the wrong CVE number. It currently refers to CVE-2007-2138[2], which does not seem to have anything to do with libexif. The DSA[3] instead refers CVE-2006-4168[4], which is indeed related to libexif. Am I misreading something, or should this datum be fixed? [1] http://security-tracker.debian.net/tracker/DSA-1310-1 [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2138 [3] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00071.html [4] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4168 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070618/faf8783e/attachment.pgp
Micah Anderson
2007-Jun-21 16:15 UTC
[Secure-testing-team] DSA 1310-1 refers to wrong CVE in the tracker
Hi, Francesco Poli wrote:> Hi! > > It seems to me that the tracker DSA-1310-1 page[1] refers to the wrong > CVE number.I agree, I''ve updated this and it should be showing the right information soon. Micah
Francesco Poli
2007-Jun-21 20:36 UTC
[Secure-testing-team] DSA 1310-1 refers to wrong CVE in the tracker
On Thu, 21 Jun 2007 17:15:28 +0100 Micah Anderson wrote:> > Hi, > > Francesco Poli wrote: > > Hi! > > > > It seems to me that the tracker DSA-1310-1 page[1] refers to the > > wrong CVE number. > > I agree, I''ve updated this and it should be showing the right > information soon.Well, it now just refers to *both* CVEs! I still have to understand what is CVE-2007-2138 supposed to have to do with libexif... :-? -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070621/bc657165/attachment.pgp
Stefan Fritsch
2007-Jun-21 22:21 UTC
[Secure-testing-team] DSA 1310-1 refers to wrong CVE in the tracker
On Thu, 21 Jun 2007, Francesco Poli wrote:> Well, it now just refers to *both* CVEs!That was just another typo and is now fixed. Thanks for your vigilance. Cheers, Stefan
Francesco Poli
2007-Jun-21 23:03 UTC
[Secure-testing-team] DSA 1310-1 refers to wrong CVE in the tracker
On Fri, 22 Jun 2007 00:21:15 +0200 (CEST) Stefan Fritsch wrote:> On Thu, 21 Jun 2007, Francesco Poli wrote: > > Well, it now just refers to *both* CVEs! > > That was just another typo and is now fixed.Good!> > Thanks for your vigilance.You''re welcome... :) -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070622/d3876685/attachment.pgp