Package: security-tracker Severity: normal On https://security-tracker.debian.org/tracker/CVE-2014-3660 I can see:
Release Version Status jessie 2.9.1+dfsg1-5 fixed stretch 2.9.1+dfsg1-5 vulnerable i.e. the same version of the package is listed both as fixed and vulnerable! According to bug 765722, it should be fixed. This is very confusing for the user who wants to know whether some installed package is vulnerable or not. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
