Hi,

Just checked data/CVE/list and noticed that this CVE lists openldap2.2
as <removed>.

However, openldap2.2 is still in the archive, and is in oldstable.
Surely it shouldn't be listed as removed in this case?

It is indeed affected by this bug.

(I tried to run svn blame to target this query, but after 20 minutes of
it not returning, aborted that!)

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Hi Dominic,

* Dominic Hargreaves <dom at earth.li> [2007-12-05 20:05]:
> Just checked data/CVE/list and noticed that this CVE lists openldap2.2
> as <removed>.
>
> However, openldap2.2 is still in the archive, and is in oldstable.
> Surely it shouldn't be listed as removed in this case?

I am not 100% sure but is this not a case for a [sarge] tag then?

> It is indeed affected by this bug.
>
> (I tried to run svn blame to target this query, but after 20 minutes of
> it not returning, aborted that!)

It was me :)

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

On Wed, Dec 05, 2007 at 07:04:10PM +0000, Dominic Hargreaves wrote:
> Hi,
>
> Just checked data/CVE/list and noticed that this CVE lists openldap2.2
> as <removed>.
>
> However, openldap2.2 is still in the archive, and is in oldstable.
> Surely it shouldn't be listed as removed in this case?

"- package VERSION" entries are for unstable. Since openldap2.2 is still
in archive, but has never seen an unstable fix this is correct.

As you can see at http://idssi.enyo.de/tracker/CVE-2007-5707 it is
correctly listed as affected in oldstable, since the tracker parses the
archives contents.

Please use debian-security-tracker at l.d.o for such questions.

Cheers,
Moritz
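
Added example, not part of the original thread and not the tracker's own code: a small Python reader for entries in the style discussed above, showing that an untagged "- package VERSION" line (including <removed>) describes unstable only, while a [sarge]-style tag scopes an entry to that release. The file layout (a CVE header line followed by indented entries), the CVE id, the package names and the versions are constructed assumptions.

```python
import re

# Constructed sample in the style of data/CVE/list. The CVE id, package
# names and versions are placeholders, not real tracker data.
SAMPLE = (
    "CVE-0000-0001 (constructed description)\n"
    "\t- newpkg 2.0-1\n"
    "\t- oldpkg <removed>\n"
    "\t[sarge] - oldpkg 1.0-2sarge1\n"
)

# Optional "[release]" tag, then "- package STATE", where STATE is either
# a fixed version or a marker such as <removed>.
ENTRY = re.compile(
    r"^\s+(?:\[(?P<release>[a-z]+)\]\s+)?-\s+(?P<package>\S+)\s+(?P<state>\S+)"
)


def parse_entries(text):
    """Return (cve, release, package, state) tuples.

    Entries without a [release] tag are recorded as applying to unstable.
    """
    cve, rows = None, []
    for line in text.splitlines():
        if line.startswith("CVE-"):
            cve = line.split()[0]
            continue
        m = ENTRY.match(line)
        if m and cve:
            rows.append((cve, m["release"] or "unstable", m["package"], m["state"]))
    return rows


def status_for(rows, package, release):
    """State the list records for package in release.

    None means the list has no entry scoped to that release, so nothing
    in the list itself speaks for it.
    """
    for _cve, rel, pkg, state in rows:
        if pkg == package and rel == release:
            return state
    return None


if __name__ == "__main__":
    for row in parse_entries(SAMPLE):
        print(row)
```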