[Secure-testing-team] Mozilla issues fixed in DSA-866-1 not listed
as being fixed in etch/sid even though DSA claims otherwise
Julien Goodwin
jgoodwin at studio442.com.au
Thu Jun 22 18:18:26 UTC 2006
The Mozilla issues fixed in DSA-866-1 are not all listed as being fixed
in etch/sid even though DSA claims otherwise.
This applies to:
http://idssi.enyo.de/tracker/CVE-2005-2703
Also WRT CVE-2005-2395, it claims to be fixed in the mozilla-firefox
package as of version 1.4.99+1.5rc3.dfsg-2, but not yet in the "firefox"
package which is essentially just a renaming of the mozilla-firefox
package. There is a note about "mozilla-firefox is now a transitional
package" and if that is why it was marked fixed it would better be
written "As of version BLAH mozilla-firefox is now an empty transitional
package and so does not contain the vulnerability"
Thanks,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060623/1289356f/signature.pgp
More information about the Secure-testing-team
mailing list