* Frédéric Brière: > My apologies to the security team if I'm babbling nonsense, but > security-tracker shows CVE-2007-1594 as being fixed in etch's > 1:1.2.13~dfsg-2, while the CVE claims this was only fixed in 1.2.17. > Is this normal?
No. 8-) At the botem of the page, there is a table that lists the raw data. | The information above is based on the following data on fixed versions. | | Package Type Release Fixed Version Urgency Origin Debian Bugs | asterisk source (unstable) 1:1.4.2~dfsg-1 medium 419820 | asterisk source sarge (not affected) In this case, we forgot to include the epoch "1:" in the version number, so the 1.2 version was wrongly marked as fixed. Thanks for reporting this, and sorry to the Asterisk folks for cluttering their bug report.
