On 19/07/2020 11:52, Thorsten Alteholz wrote: > Hi Emilio, > > thanks a lot for working on this. > > On Tue, 7 Jul 2020, Emilio Pozuelo Monfort wrote: >> CVE-2019-11187/gosa fixed in jessie and buster but no-dsa in stretch (Minor >> issue) > > This seems to have been fixed via opu. > >> CVE-2019-3866/mistral fixed in jessie and buster but no-dsa in stretch (Minor >> issue; can be fixed via point release) >> CVE-2019-3866/python-oslo.utils fixed in jessie and buster but no-dsa in >> stretch (Minor issue; can be fixed via point release) > > mistral in buster has been fixed via unstable, so should not be mentioned > here, > shouldn't it? > python-oslo.utils is <not-affected> in jessie. Probably one CVE for two > different packages resolved differently confused your script?
Yeah, looks like the script tripped on that special case. I'll have a look at it. Thanks, Emilio
