Bug#658545: security-tracker: DSA-2401-1 vs. tracker

["Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>]

Package: security-tracker
Severity: normal

Hello!

DSA-2401-1 [1] claims that a number of referenced vulnerabilities
are fixed in sid by tomcat6/6.0.35-1
However, two vulnerabilities (CVE-2011-3190 [2] and CVE-2011-4858 [3])
out of the 10 referenced ones are shown as not fixed in sid and wheezy
on the tracker.

Is the DSA wrong or is the tracker incorrect?
In the latter case, please fix the tracker data.
Otherwise, please clarify.

Thanks for your time!

[1] http://lists.debian.org/debian-security-announce/2012/msg00025.html
[2] http://security-tracker.debian.org/tracker/CVE-2011-3190
[3] http://security-tracker.debian.org/tracker/CVE-2011-4858