Bug#528281: closed by Nico Golde <nion at debian.org> (Re: Bug#528281: gnutls26: CVE-2009-1417 certificate expiration vulnerability)

Michael S. Gilbert michael.s.gilbert at gmail.com
Fri May 15 18:24:05 UTC 2009


On Fri, 15 May 2009 20:15:49 +0200, Andreas Metzler wrote:
> On 2009-05-15 "Michael S. Gilbert" <michael.s.gilbert at gmail.com> wrote:
> > On Tue, 12 May 2009 00:03:05 +0000, Debian Bug Tracking System wrote:
> > > This is an automatic notification regarding your Bug report
> > > which was filed against the gnutls26 package:
> > > 
> > > #528281: gnutls26: CVE-2009-1417 certificate expiration vulnerability
> 
> > does it make sense to close this bug since etch/lenny are still
> > vulnerable?  from my perspective, it is better to keep the bug open so
> > that it stays on the maintainer's radar.
> 
> We have version tracking. It is marked fixed in 2.6.6-1.
> cu andreas

yes, i agree that this is useful, but should a message be sent to
XXXXXX-done at bugs.debian.org before all affected versions are fixed?  i
don't consider a bug as being done until all versions are fixed.

mike





More information about the Pkg-gnutls-maint mailing list