Bug#658545: security-tracker: DSA-2401-1 vs. tracker
Package: security-tracker
Severity: normal
Hello!
DSA-2401-1 [1] claims that a number of referenced vulnerabilities
are fixed in sid by tomcat6/6.0.35-1
However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3])
out of the 10 referenced ones are shown as not fixed in sid and wheezy
on the tracker.
Is the DSA wrong or is the tracker incorrect?
In the latter case, please fix the tracker data.
Otherwise, please clarify.
Thanks for your time!
[1] http://lists.debian.org/debian-security-announce/2012/msg00025.html
[2] http://security-tracker.debian.org/tracker/CVE-2011-3190
[3] http://security-tracker.debian.org/tracker/CVE-2011-4858
Reply to: