Gerfried Fuchs wrote: > Actually makes me wonder: Did upstream not provide informations in > which of their release they fixed the issue?
No, they did not. This security issue was reported/fixed for Firefox by Mozilla in their internal cairo copy: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044 > It's moren than "a significant additional effort" if the version > information in the tracker can't be trusted, and according to your > approach shouldn't be trusted. This is more than just a pain, sorry. The version noted in the tracker is taken from changelogs if the issue can be clearly identified. If that is not the case - as with CVE-2009-2044 - we check the code, but don't copy information from security databases, CVE descriptions and other poorly maintained information sources. Cheers, Moritz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
