mozilla-thunderbird 1.0.2-2.sarge1.0.8a is available too.
joey at infodrom.org
Mon Jul 24 18:45:15 UTC 2006
Alexander Sack wrote:
> On Mon, Jul 24, 2006 at 06:53:57PM +0200, Mike Hommey wrote:
> > On Mon, Jul 24, 2006 at 04:29:14PM +0200, Alexander Sack <asac at jwsdot.com> wrote:
> > > On Mon, Jul 24, 2006 at 04:13:10PM +0200, Martin Schulze wrote:
> > > > > This release covers the same issues as mozilla sarge7.1 ... so you
> > > > > can use the same advisory for it.
> > > >
> > > > Great.
> > > >
> > >
> > > ... for sid the issues are fixed since thunderbird 188.8.131.52-1.
> > ... and xulrunner 184.108.40.206-1 for galeon and epiphany.
> How should we deals with those derivates in future? Shouldn't we
> mention them in the advisory of the package they depend upon? Or
> should we assume that gecko users are smart enough to realize that
> they are affected too?
Imho we should mention them (if we don't forget) in advisories for
those packages that they replace. In this case, they should've been
mentioned in the advisories for Mozilla and Firebird. Now they're
mentioned in Thunderbird, which is better than nothing, but not perfect,
but that's life.
(don't consider users to be smart enough - many are, but too many aren't)
Long noun chains don't automatically imply security. -- Bruce Schneier
More information about the pkg-mozilla-maintainers