[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible hole in mozilla et al



On Wed, May 08, 2002 at 02:51:51PM -0400, Noah L. Meyerhans imagined:

> On Wed, May 08, 2002 at 03:26:46PM +0200, Robert Millan wrote:
> > http://sec.greymagic.com/adv/gm001-ns/
> > 
> > It claims to affect 0.9.7+ but on 1.0 all it does is
> > crashing my browser.

> That bug was fixed in the version of mozilla from sid, but
> *not* woody.  Woody appears vulnerable and had probably better
> get fixed before the release.
> 
> noah

The Woody/security issue really is a systemic problem with the
Debian release structure IMO.  I'm sure it has been discussed to
death, but I would really like to see either:
  a) woody receiving security patches as soon as sid and potato;
    or
  b) no woody.
I think it is that simple, and the current situation is
atrocious and unacceptable, from a security perspective.  

As far as mozilla/sid goes, my browser crashes too, which is
technically a 'fix', but not a real fix.  A real fix would
avoid the expoit, and not crash :-)

Too bad I don't code more advanced stuff - maybe someday...

My $0.02,
Raymond
-- 
"You deserve to be able to cooperate openly and freely with other
people who use software.  You deserve free software."
 -Richard M. Stallman, Free Software Foundation, http://www.fsf.org

Attachment: pgpAbOHrBHth3.pgp
Description: PGP signature


Reply to: