[Secure-testing-team] Re: [Secure-testing-commits] r4478 -
data/CVE
Moritz Muehlenhoff
jmm at inutil.org
Tue Aug 1 17:59:40 UTC 2006
Stefan Fritsch wrote:
> On Monday 31 July 2006 20:49, Moritz Muehlenhoff wrote:
> > Stefan Fritsch wrote:
> > > +CVE-2006-3812 [firefox/mozilla chrome: scheme loading remote
> > > content] RESERVED
> > > -CVE-2006-3811
> > > + NOTE: MFSA-2006-56
> > > + - mozilla <unfixed> (medium)
> > > + - xulrunner <unfixed> (medium)
> > > + - mozilla-firefox <removed> (medium)
> > > + - firefox 1.5.dfsg+1.5.0.5-1 (medium)
> > > + - thunderbird <unfixed> (unimportant)
> > > + - mozilla-thunderbird <removed> (unimportant)
> >
> > <removed> entries are not required for transitional source package
> > names like this, the tracker notices that they are not present in a
> > suite.
>
> mozilla-firefox in unstable is a transitional binary package (built
> from the firefox source package). There is no source package
> mozilla-firefox anymore.
>
> I meant to mark the mozilla-firefox source package in sarge as
> vulnerable. I think the following three entries are equivalent in
> this case:
>
> - mozilla-firefox <removed>
> - mozilla-firefox <unfixed>
> [sarge] - mozilla-firefox <unfixed>
>
> Or am I missing something?
It's more or less the same, but <removed> was thought for packages, which
have been removed as a whole without ever having been fixed.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list