Latest firefox vulnerability
Eric Dorland
eric at debian.org
Wed Jun 7 13:31:25 UTC 2006
* Alexander Sack (asac at debian.org) wrote:
> On Tue, Jun 06, 2006 at 08:03:59PM -0400, Eric Dorland wrote:
> > * Moritz Muehlenhoff (jmm at inutil.org) wrote:
> > > Alexander Sack wrote:
> > > > On Tue, Jun 06, 2006 at 11:45:56PM +0200, Moritz Muehlenhoff wrote:
> > > > > Michael Stone wrote:
> > > > > > Has anyone started looking into the latest set of vulnerabilities (the
> > > > > > firefox 1.5.0.4 set)?
> > > > >
> > > > > Is it actually sanely backportable to Sarge? I remember having read about
> > > > > API incompatibilities for Firefox extensions.
> > > >
> > > > Uploading 1.5.x should be the last option to consider. IMO, its not an option
> > > > at all for debian stable. Backporting to 1.0.x branch looks doable for most
> > > > issues, but definitely will take some time.
> > >
> > > Do you have access to all Bugzilla entries or are you extracting this from
> > > the interdiff?
> >
> > He's likely looking at the cvs commits, which give a bit more
> > granularity than interdiff.
> >
> > Didn't someone on the stable security team tell me they had access to
> > the secured bugs in the mozilla bugzilla? Has any distro released a
> > security fix for this? We definitely shouldn't be above borrowing
> > their work.
>
> I am looking at *bugs* and I am working with other distributors (redhat, suse)
> to get those fixes backported.
So you have access to the restricted bugs? That's good to know.
--
Eric Dorland <eric at kuroneko.ca>
ICQ: #61138586, Jabber: hooty at jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20060607/6102f350/attachment.pgp
More information about the pkg-mozilla-maintainers
mailing list