Latest firefox vulnerability
Alexander Sack
asac at debian.org
Wed Jun 7 06:39:15 UTC 2006
On Tue, Jun 06, 2006 at 08:03:59PM -0400, Eric Dorland wrote:
> * Moritz Muehlenhoff (jmm at inutil.org) wrote:
> > Alexander Sack wrote:
> > > On Tue, Jun 06, 2006 at 11:45:56PM +0200, Moritz Muehlenhoff wrote:
> > > > Michael Stone wrote:
> > > > > Has anyone started looking into the latest set of vulnerabilities (the
> > > > > firefox 1.5.0.4 set)?
> > > >
> > > > Is it actually sanely backportable to Sarge? I remember having read about
> > > > API incompatibilities for Firefox extensions.
> > >
> > > Uploading 1.5.x should be the last option to consider. IMO, its not an option
> > > at all for debian stable. Backporting to 1.0.x branch looks doable for most
> > > issues, but definitely will take some time.
> >
> > Do you have access to all Bugzilla entries or are you extracting this from
> > the interdiff?
>
> He's likely looking at the cvs commits, which give a bit more
> granularity than interdiff.
>
> Didn't someone on the stable security team tell me they had access to
> the secured bugs in the mozilla bugzilla? Has any distro released a
> security fix for this? We definitely shouldn't be above borrowing
> their work.
I am looking at *bugs* and I am working with other distributors (redhat, suse)
to get those fixes backported.
- Alexander
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
asac at debian.org | `. `' Operating System
http://www.asoftsite.org/ | `- http://www.debian.org/
More information about the pkg-mozilla-maintainers
mailing list