Secure testing team - Jun 2006 - Mozilla issues fixed in DSA-866-1 not listed as being fixed in etch/sid even though DSA claims otherwise

The Mozilla issues fixed in DSA-866-1 are not all listed as being fixed
in etch/sid even though DSA claims otherwise.

This applies to:
http://idssi.enyo.de/tracker/CVE-2005-2703

Also WRT CVE-2005-2395, it claims to be fixed in the mozilla-firefox
package as of version 1.4.99+1.5rc3.dfsg-2, but not yet in the
"firefox"
 package which is essentially just a renaming of the mozilla-firefox
package. There is a note about "mozilla-firefox is now a transitional
package" and if that is why it was marked fixed it would better be
written "As of version BLAH mozilla-firefox is now an empty transitional
package and so does not contain the vulnerability"

Thanks,
Julien

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060623/1289356f/signature.pgp

Hi Julien,

On Thursday 22 June 2006 20:18, Julien Goodwin wrote:
> The Mozilla issues fixed in DSA-866-1 are not all listed as being
> fixed in etch/sid even though DSA claims otherwise.
>
> This applies to:
> http://idssi.enyo.de/tracker/CVE-2005-2703
I have corrected this error (should be in the tracker soon). Thanks 
for noticing it.
> Also WRT CVE-2005-2395, it claims to be fixed in the
> mozilla-firefox package as of version 1.4.99+1.5rc3.dfsg-2, but not
I have reworded this as well.

Cheers,
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060622/49873b56/attachment.pgp