[Secure-testing-team] Updates for testing-security track page
Djoume SALVETTI
salvetti at crans.org
Thu Jun 8 16:47:24 UTC 2006
Le lun 05 jun 2006 13:53:39 GMT Djoume SALVETTI <Djoume.Salvetti at crans.org> a écrit :
> > It's usually better to add "- mozilla-thunderbird <removed>"
> > annotations. Otherwise, you might need to edit the CVE/list file for
> > the DSA.
>
> Ok, so I'll add a :
>
> - mozilla-firefox <removed>
>
> to each firefox CVE if nobody object (and the same for thunderbird).
After more reflexion, I'm not sure it's a good idea to add all this
<removed> entries when the issue is disclosed after the package have
been removed.
Also, I don't understand why I would have to edit the CVE/list file for
the DSA if I only add
[sarge] - mozilla-firefox 1.2.3
or
[sarge] - mozilla-firefox <unfixed> (bug #123456)
or
[sarge] - mozilla-firefox <not-affected> (Only 1.5 is vulnerable)
To firefox CVE entries when some info is available before a DSA is
published.
Regards.
--
Djoume SALVETTI
More information about the Secure-testing-team
mailing list