[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 810-1] New Mozilla packages fix several vulnerabilities

On Tue, Sep 13, 2005 at 02:35:18PM +0100, Matthew Garrett wrote:
> (From debian-security-announce)

> Martin Schulze <joey@infodrom.org> wrote:

> > Several problems have been discovered in Mozilla, the we browser of
> > the Mozilla suite.  Since the usual praxis of backporting apparently
> > does not work for this package, this update is basically version
> > 1.7.10 with the version number rolled back, and hence still named
> > 1.7.8.  The Common Vulnerabilities and Exposures project identifies
> > the following problems:

> Hmm. Is this really a good idea? I can see that the Mozilla developers
> give us no real option other than to ship a newer version, but if that's
> what we're doing then changing the version number back seems a bit odd.

FWIW, I read this as "we applied all the same patches that were
included in 1.7.10, but we left out the 800 pounds of autogenerated
upstream diff resulting from use of $Id$ tags with embedded CVS branch

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to: