Le lun 05 jun 2006 00:14:36 GMT Francesco Poli <[EMAIL PROTECTED]> a écrit : > * mozilla-thunderbird (unfixed) for CVE-2006-0836, CVE-2006-0295, > CVE-2006-0298, CVE-2006-0299, CVE-2006-0297, CVE-2006-0294, > CVE-2005-3402 > > Since mozilla-thunderbird is now a dummy transitional package, its > vulnerabilities should be attributed to the real package (that is to > say, thunderbird). > Out of these 7 issues, 5 are claimed[1] to be fixed in thunderbird > version 1.5.0.2-1, which has already migrated to testing (for all archs, > except s390 which is not release candidate, though). > Those 5 seemingly solved issues are: > CVE-2006-0294 CVE-2006-0295 CVE-2006-0297 CVE-2006-0298 CVE-2006-0299 > > The remaining 2 vulnerabilities (CVE-2006-0836 and CVE-2005-3402) are > maybe still present in sid (package thunderbird, I think). > > Is this correct?
Hello, Thanks for your report, my understanding is that your are right, we have to track mozilla-firefox/mozilla-thunderbird sources packages for sarge and firefox/thunderbird sources packages for etch and sid. I have added some [sarge] target to mozilla-firefox and mozilla-thunderbird for issues you mention. Moritz, I've just noticed that you do not always add [sarge] for issues in mozilla-firefox that are also in firefox, is there any reason for that? Am I misunderstanding something? If you agree, I can add [sarge] for all mozilla-firefox and mozilla-thunderbird issues. Regards. -- Djoume SALVETTI
pgpPuTl1WwR20.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
