[Secure-testing-team] Re: [Secure-testing-commits] r4478 -
data/CVE
Stefan Fritsch
sf at sfritsch.de
Mon Jul 31 19:05:15 UTC 2006
On Monday 31 July 2006 20:49, Moritz Muehlenhoff wrote:
> Stefan Fritsch wrote:
> > +CVE-2006-3812 [firefox/mozilla chrome: scheme loading remote
> > content] RESERVED
> > -CVE-2006-3811
> > + NOTE: MFSA-2006-56
> > + - mozilla <unfixed> (medium)
> > + - xulrunner <unfixed> (medium)
> > + - mozilla-firefox <removed> (medium)
> > + - firefox 1.5.dfsg+1.5.0.5-1 (medium)
> > + - thunderbird <unfixed> (unimportant)
> > + - mozilla-thunderbird <removed> (unimportant)
>
> <removed> entries are not required for transitional source package
> names like this, the tracker notices that they are not present in a
> suite.
mozilla-firefox in unstable is a transitional binary package (built
from the firefox source package). There is no source package
mozilla-firefox anymore.
I meant to mark the mozilla-firefox source package in sarge as
vulnerable. I think the following three entries are equivalent in
this case:
- mozilla-firefox <removed>
- mozilla-firefox <unfixed>
[sarge] - mozilla-firefox <unfixed>
Or am I missing something?
Cheers,
Stefan
PS: stef-guest at costa.debian.org won't reach me.
More information about the Secure-testing-team
mailing list