The Mozilla issues fixed in DSA-866-1 are not all listed as being fixed in etch/sid even though DSA claims otherwise.
This applies to: http://idssi.enyo.de/tracker/CVE-2005-2703 Also WRT CVE-2005-2395, it claims to be fixed in the mozilla-firefox package as of version 1.4.99+1.5rc3.dfsg-2, but not yet in the "firefox" package which is essentially just a renaming of the mozilla-firefox package. There is a note about "mozilla-firefox is now a transitional package" and if that is why it was marked fixed it would better be written "As of version BLAH mozilla-firefox is now an empty transitional package and so does not contain the vulnerability" Thanks, Julien
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
