Hi all!

Joey Hess suggested that I report issues like the following to this list.
While taking a look at some vulnerabilities listed on the testing-security track page (http://spohr.debian.org/~joeyh/testing-security.html), I noticed that some data don't seem to be updated.

For example:

* mozilla-thunderbird (unfixed) for CVE-2006-0836, CVE-2006-0295, CVE-2006-0298, CVE-2006-0299, CVE-2006-0297, CVE-2006-0294, CVE-2005-3402

Since mozilla-thunderbird is now a dummy transitional package, its vulnerabilities should be attributed to the real package (that is to say, thunderbird).

Out of these 7 issues, 5 are claimed[1] to be fixed in thunderbird version 1.5.0.2-1, which has already migrated to testing (for all archs, except s390, which is not a release candidate, though).

Those 5 seemingly solved issues are:

CVE-2006-0294
CVE-2006-0295
CVE-2006-0297
CVE-2006-0298
CVE-2006-0299

The remaining 2 vulnerabilities (CVE-2006-0836 and CVE-2005-3402) are maybe still present in sid (package thunderbird, I think).

Is this correct?

[1] by http://spohr.debian.org/~joeyh/testing-security.html itself

* mysql-dfsg (unfixed; bug #365939) for CVE-2006-1518, CVE-2006-1517, CVE-2006-1516

The bug report[2] refers to package mysql-server-5.0 and claims that the issue is fixed in mysql-dfsg-5.0 version 5.0.21-1, which is superseded by 5.0.22-2 in sid.

Testing seems to be still vulnerable, because it has version 5.0.20-1.

[2] http://bugs.debian.org/365939
[3] http://bjorn.haxx.se/debian/testing.pl?package=mysql-server-5.0

Please note that I'm (slowly) performing other similar checks, hence other reports like this could reach this list in the future.

Joey Hess told me that the bug status tracking is still done manually: I hope it can be automated soon!

P.S.: I am not subscribed to the list, so, please, Cc: me on replies, if any. Thanks.

--
:-( This Universe is buggy! Where's the Creator's BTS? ;-)
......................................................................
Francesco Poli
GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

