Hi all!

DSA 1327-1[1] states that CVE-2007-2838 is fixed in etch with version
0.1.4-2etch1 of gsambad, while it could be still unfixed in sid.

However, the tracker page for this DSA[2] seems to be a bit strange:

| Debian/oldstable not known to be vulnerable
| Debian/stable not known to be vulnerable
| Debian/testing not known to be vulnerable
| Debian/unstable not known to be vulnerable

but at the bottom the correct version info seems to be shown:

| Package  Type     Release  Fixed Version  Urgency  Origin  Debian Bugs
| gsamba   unknown  etch     0.1.4-2etch1   unknown

Similarly awkward data are shown in the tracker page for the
vulnerability[3]:

| Source Package  Release          Version       Status
| gsambad (PTS)   etch             0.1.4-2       vulnerable
|                 etch (security)  0.1.4-2etch1  vulnerable
|                 lenny            0.1.5-5       vulnerable
|                 sid              0.1.6-1       vulnerable

but:

| Package  Type     Release     Fixed Version  Urgency  Origin      Debian Bugs
| gsamba   unknown  etch        0.1.4-2etch1   unknown  DSA-1327-1
| gsambad  source   (unstable)  0.1.6-2        unknown              431331

What's wrong?
Is this an inconsistency?

[1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00088.html
[2] http://security-tracker.debian.net/tracker/DSA-1327-1
[3] http://security-tracker.debian.net/tracker/CVE-2007-2838

P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks.

-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4

On Monday, 2 July 2007, Francesco Poli wrote:

> What's wrong?
> Is this an inconsistency?

There is yet another cronjob that updates the cross references between
CVEs and DSAs. It seems this job hasn't run since DSA 1327 was put into
the tracker. I don't really know how often it is supposed to run, but I
think it was twice a day. The gsambad DSA was entered into the tracker
today, so in a few hours everything should be fine.

Cheers,
Stefan

* Francesco Poli:

> but at the bottom the correct version info seems to be shown:
>
> | Package  Type     Release  Fixed Version  Urgency  Origin  Debian Bugs
> | gsamba   unknown  etch     0.1.4-2etch1   unknown

This is a typo in the package name (hence "type unknown"). I've fixed
it in the source files. Propagation to the web pages will take some
more time.

On Tue, 03 Jul 2007 10:22:27 +0200 Florian Weimer wrote:

[...]
> This is a typo in the package name (hence "type unknown"). I've fixed
> it in the source files. Propagation to the web pages will take some more
> time.

It looks OK now.
Thanks for fixing things up! :)

-- 
Francesco Poli