Bug#410671: iceweasel: firefox leaks filehandles to external applications

Marc Lehmann schmorp at schmorp.de
Sun Oct 2 14:24:01 UTC 2011


On Sun, Oct 02, 2011 at 04:12:29PM +0200, Mike Hommey <mh at glandium.org> wrote:
> See the upstream bug as to why it may or may not be possible to use these.

I did so, and nowhere in this bug report does it say so, can you point me
to it?

The closest I find is that it is "inconvenient" and "expensive" (the
latter isn't true - readdir + 25 close calls are hardly more expensive
than 25 fcntls or similar - even the naive approach is without doubt not
too expensive).

There are indeed reasons why closing "most fds" can be an issue (for
example, os tracing functionality or message catalogs can keep fds open
unknown to the application) - none of these apply to debian however.

The fact that upstream finds fixing security bugs inconvenient or too
expensive doesn't mean debian should agree, and certainly doesn't mean I
should agree to such a lousy excuse.

> It was tagged as unreproducible and wontfix before it was reassigned and
> merged to an existing bug in iceweasel. This is merely a side effect of
> the lack of feedback from the bug tracking system when a bug is
> reassigned and merged.
> 
> Check your facts before calling names.

So which facts did I get wrong and who did I call names? That this
security bug doesn't receive attention, that it was wrongly tagged
unreproducible and wontfix?

No matter what, it's a shame that debian doesn't care for security
anymore, especially in such an important program :(

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
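
The approach discussed in the message above (readdir over the process's open descriptors plus one close per entry, with the "naive" loop as a fallback), as an added example that is not part of the original e-mail or of the iceweasel/Firefox code. The function name close_fds_from, the threshold 200 in the demo and the use of /proc/self/fd (Linux) are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for dirfd() */
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Close every open descriptor numbered >= lowest; returns how many were closed.
 * Intended for the child before exec(). opendir() may allocate memory, so this
 * is not async-signal-safe after fork() in a multithreaded parent. */
int close_fds_from(int lowest)
{
    int closed = 0;
    DIR *dir = opendir("/proc/self/fd");   /* Linux listing of open fds */

    if (dir != NULL) {
        int self = dirfd(dir);             /* the listing's own fd: skip it */
        struct dirent *ent;
        while ((ent = readdir(dir)) != NULL) {
            char *end;
            long fd = strtol(ent->d_name, &end, 10);
            if (end == ent->d_name || *end != '\0')
                continue;                  /* "." and ".." */
            if (fd < lowest || fd == self)
                continue;
            if (close((int)fd) == 0)
                closed++;
        }
        closedir(dir);
        return closed;
    }

    /* Fallback, the "naive approach": try every possible descriptor number. */
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0)
        max = 1024;                        /* assumed limit when it is unknown */
    for (long fd = lowest; fd < max; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

int main(void)
{
    /* Constructed demo: leak two descriptors, then clean up as a child would. */
    int a = fcntl(STDIN_FILENO, F_DUPFD, 200), b = fcntl(STDIN_FILENO, F_DUPFD, 200);
    printf("opened %d and %d, closed %d\n", a, b, close_fds_from(200));
    return 0;
}
```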





More information about the pkg-mozilla-maintainers mailing list