[Secure-testing-team] Re: [Secure-testing-commits] r4478 -
data/CVE
Florian Weimer
fw at deneb.enyo.de
Mon Jul 31 21:11:50 UTC 2006
* Stefan Fritsch:
> I meant to mark the mozilla-firefox source package in sarge as
> vulnerable. I think the following three entries are equivalent in
> this case:
>
> - mozilla-firefox <removed>
> - mozilla-firefox <unfixed>
> [sarge] - mozilla-firefox <unfixed>
>
> Or am I missing something?
The code agrees with you.
elif v in ('unfixed', 'removed'):
pkg_notes.append(PackageNoteParsed
(p, None, d, release=release))
("None" in this context means "unfixed".)
Since the package is only present in sarge, the release annotation (or
the lack thereof) doesn't matter, either.
More information about the Secure-testing-team
mailing list