Hi all! DSA 1332-1[1] states that three vulnerabilities (CVE-2007-3316 CVE-2007-3467 CVE-2007-3468) are fixed in sid by vlc version 0.8.6.c-1, as the buglog[2] seems to confirm. However, the tracker pages for those vulnerabilities[3][4][5] seem to have a typo in the version info: | Package Type Release Fixed Version Urgency Origin Debian Bugs | vlc source (unstable) 0.8.6.c.debian-1 unimportant 429726 | vlc source etch 0.8.6-svn20061012.debian-5etch1 unknown DSA-1332-1 | vlc source sarge 0.8.1.svn20050314-1sarge3 unknown DSA-1332-1 Is this an inconsistency? [1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00093.html [2] http://bugs.debian.org/429726 [3] http://security-tracker.debian.net/tracker/CVE-2007-3316 [4] http://security-tracker.debian.net/tracker/CVE-2007-3467 [5] http://security-tracker.debian.net/tracker/CVE-2007-3468 P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html Need to read a Debian testing installation walk-through? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070711/8c50310c/attachment.pgp