Hi,

My name is Guy Hudara, and I am working at Whitesource.

I have a few questions about the JSON feed of the security tracker given in this URL:
https://security-tracker.debian.org/tracker/data/json

1. About the “status” field:
   1. If it is “*open*” on a given version, does this mean that all previous versions of that package are also vulnerable with respect to the CVE?
   2. If it is “*resolved*”, does this mean that all previous versions of that package are vulnerable with respect to the CVE?
   3. What does it mean that a version is “*undetermined*”?
2. About the “repositories”. In the below example: what is the difference between the “*stretch*” repository and the “*stretch-security*” repository?

    "stretch": {
        "status": "resolved",
        "repositories": {
            "stretch": "7.1.0+dfsg-13+deb9u3",
            "stretch-security": "7.1.0+dfsg-13+deb9u3"
        },
        "fixed_version": "0.4e-21",
        "urgency": "not yet assigned"
    }

--
*Thanks,*
*H Guy*
