Thomas Bushnell BSG wrote:
It would be very nice if Mozilla would publish to distributions like ours a description of the security problem, and then a separate patch for that specific problem.
1. You to be going to
<http://www.mozilla.org/projects/security/known-vulnerabilities.html>
2. You to be following links to bugzilla entries
3. You to be downloading patch there or better yet search for CVS
checkin, which has that bug number in commit log.
This is only possible after a release, like right now, i.e. when it's
already too late. Distributions like yours, in your case Matt Zimmerman,
have access to the resources before that, including bug report details
under embargo. It does involve watching the list to see when releases
are upcoming and why.