Bug#783274: iceweasel: stop tracking ESR in testing/unstable and make an iceweasel-esr package instead
Sylvestre Ledru
sylvestre at mozilla.com
Sat Apr 25 09:54:40 UTC 2015
Le 25/04/2015 01:03, Christoph Anton Mitterer a écrit :
> Source: iceweasel
> Severity: wishlist
[...]
> Even when they're still supported by upstream, they simply receive far less
> scrutiny (in terms of security audits/analysis) than the current versions.
> Also often security holes are silently fixed, without being identified as such.
>
As Firefox release manager, I can tell you that this statement is incorrect.
For every security bug, if the information is not present, the question
"is ESR31 impacted?".
All security bugs impacting ESR are fixed just like the release.
We do security releases for ESR in case of 0 day or coordinated changes
(like disabling ssl v3).
And if you saw any security holes being silently fixed, this was not on
purpose and it was a mistake.
See the full list:
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Cheers,
Sylvestre
More information about the pkg-mozilla-maintainers
mailing list