[Secure-testing-team] Updates for testing-security track page
Djoume SALVETTI
djoume at taket.org
Mon Jun 5 09:30:29 UTC 2006
Le lun 05 jun 2006 00:14:36 GMT Francesco Poli <frx at firenze.linux.it> a écrit :
> * mozilla-thunderbird (unfixed) for CVE-2006-0836, CVE-2006-0295,
> CVE-2006-0298, CVE-2006-0299, CVE-2006-0297, CVE-2006-0294,
> CVE-2005-3402
>
> Since mozilla-thunderbird is now a dummy transitional package, its
> vulnerabilities should be attributed to the real package (that is to
> say, thunderbird).
> Out of these 7 issues, 5 are claimed[1] to be fixed in thunderbird
> version 1.5.0.2-1, which has already migrated to testing (for all archs,
> except s390 which is not release candidate, though).
> Those 5 seemingly solved issues are:
> CVE-2006-0294 CVE-2006-0295 CVE-2006-0297 CVE-2006-0298 CVE-2006-0299
>
> The remaining 2 vulnerabilities (CVE-2006-0836 and CVE-2005-3402) are
> maybe still present in sid (package thunderbird, I think).
>
> Is this correct?
Hello,
Thanks for your report, my understanding is that your are right, we have
to track mozilla-firefox/mozilla-thunderbird sources packages for
sarge and firefox/thunderbird sources packages for etch and sid.
I have added some [sarge] target to mozilla-firefox and
mozilla-thunderbird for issues you mention.
Moritz, I've just noticed that you do not always add [sarge] for issues
in mozilla-firefox that are also in firefox, is there any reason for
that? Am I misunderstanding something?
If you agree, I can add [sarge] for all mozilla-firefox and
mozilla-thunderbird issues.
Regards.
--
Djoume SALVETTI
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060605/f43229e7/attachment.pgp
More information about the Secure-testing-team
mailing list