Your message dated Sun, 15 Jan 2012 15:41:18 +0100
with message-id <1326638478.4782.38.camel@scapa>
and subject line Re: Bug#655960: security-tracker: DSA-2388-1 vs. tracker
has caused the Debian Bug report #655960,
regarding security-tracker: DSA-2388-1 vs. tracker
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
655960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655960
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: security-tracker
Severity: normal
Hi!
The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
vulnerable in wheezy and sid, while the DSA [2] claims that all the
CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
Assuming that the DSA is right and the tracker is wrong, please
fix this inconsistency.
Thanks for your time!
[1] http://security-tracker.debian.org/tracker/CVE-2010-2642
[2] http://lists.debian.org/debian-security-announce/2012/msg00011.html
[3] http://security-tracker.debian.org/tracker/CVE-2010-2642
[4] http://security-tracker.debian.org/tracker/CVE-2011-0433
--- End Message ---
--- Begin Message ---
On dim., 2012-01-15 at 09:24 -0500, Michael Gilbert wrote:
> On Sun, Jan 15, 2012 at 7:42 AM, Yves-Alexis Perez wrote:
> > On dim., 2012-01-15 at 12:53 +0100, Francesco Poli (wintermute) wrote:
> >> Package: security-tracker
> >> Severity: normal
> >>
> >> Hi!
> >>
> >> The tracker page [1] for DSA-2388-1 [2] looks OK, but some of the
> >> referenced CVE tracker pages [3][4] claim that t1lib/5.1.2-3.3 is still
> >> vulnerable in wheezy and sid, while the DSA [2] claims that all the
> >> CVEs are fixed in wheezy and sid by t1lib/5.1.2-3.3 ...
> >>
> >> Assuming that the DSA is right and the tracker is wrong, please
> >> fix this inconsistency.
> >>
> >> Thanks for your time!
> >
> > You're perfectly right, wheezy/sid doesn't have a fix for 2011-0433 and
> > 2010-2642, for some reason. I'm gonna prepare another NMU and an errata
> > for the DSA.
>
> You shouldn't need to send another announcement for a minor correction
> like this. Correcting it in the tracker is sufficient.
>
Ok, then I'm closing the bug since the tracker is now correct and the
package uploaded to sid.
Regards,
--
Yves-Alexis
signature.asc
Description: This is a digitally signed message part
--- End Message ---
