On Mon 05 Jun 2006 13:53:39 GMT, Djoume SALVETTI <[EMAIL PROTECTED]> wrote:

> > It's usually better to add "- mozilla-thunderbird <removed>"
> > annotations. Otherwise, you might need to edit the CVE/list file for
> > the DSA.
>
> Ok, so I'll add a:
>
> - mozilla-firefox <removed>
>
> to each firefox CVE if nobody objects (and the same for thunderbird).

After more reflection, I'm not sure it's a good idea to add all these <removed> entries when the issue is disclosed after the package has been removed.

Also, I don't understand why I would have to edit the CVE/list file for the DSA if I only add

  [sarge] - mozilla-firefox 1.2.3

or

  [sarge] - mozilla-firefox <unfixed> (bug #123456)

or

  [sarge] - mozilla-firefox <not-affected> (Only 1.5 is vulnerable)

to firefox CVE entries when some info is available before a DSA is published.

Regards.

-- 
Djoume SALVETTI

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

