Francesco Poli
2006-Dec-20 01:34 UTC
[Secure-testing-team] Firefox/Iceweasel holes counted twice
Hi all! It seems that the security bug tracker[1] lists Iceweasel vulnerabilities twice, as it lists them for both firefox and iceweasel packages for unstable[2]. Since firefox is now a transition package for iceweasel rename, it does not have any vulnerabilities on its own: I think it should *not* be considered affected by security issues anymore. [1] http://security-tracker.debian.net/ [2] http://security-tracker.debian.net/tracker/status/release/unstable P.S.: Please Cc: me on replies, as I am not a list subscriber. Thanks. -- But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_ ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061220/b2d8109c/attachment.pgp
Stefan Fritsch
2006-Dec-20 13:18 UTC
[Secure-testing-team] Firefox/Iceweasel holes counted twice
Hi Francesco,> It seems that the security bug tracker[1] lists Iceweasel > vulnerabilities twice, as it lists them for both firefox and iceweasel > packages for unstable[2].This is intentional as the tracking is by source package. The firefox source package is still vulnerable and is still both in unstable and testing. However the firefox binary package in unstable is created from the iceweasel source package and therefore has fewer vulnerabilities than the the firefox binary package in testing. There is no page in the security bug tracker that shows an overview over vulnerabilities in binary packages. However debsecan should give you this information (I think). HTH. Cheers, Stefan
Francesco Poli
2006-Dec-20 22:21 UTC
[Secure-testing-team] Firefox/Iceweasel holes counted twice
On Wed, 20 Dec 2006 13:18:42 +0100 (CET) Stefan Fritsch wrote:> Hi Francesco, > > > It seems that the security bug tracker[1] lists Iceweasel > > vulnerabilities twice, as it lists them for both firefox and > > iceweasel packages for unstable[2]. > > This is intentional as the tracking is by source package. The firefox > source package is still vulnerable and is still both in unstable and > testing.[...] Ah, I see. I didn''t notice that firefox source package is still in unstable... Thanks for the explanation and sorry for the useless noise! :) -- But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_ ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061220/de554e15/attachment.pgp