On Wed, May 08, 2002 at 02:51:51PM -0400, Noah L. Meyerhans imagined:
> On Wed, May 08, 2002 at 03:26:46PM +0200, Robert Millan wrote:
> > http://sec.greymagic.com/adv/gm001-ns/
> >
> > It claims to affect 0.9.7+ but on 1.0 all it does is
> > crashing my browser.
> That bug was fixed in the version of mozilla from sid, but
> *not* woody. Woody appears vulnerable and had probably better
> get fixed before the release.
>
> noah
The Woody/security issue really is a systemic problem with the
Debian release structure IMO. I'm sure it has been discussed to
death, but I would really like to see either:
a) woody receiving security patches as soon as sid and potato;
or
b) no woody.
I think it is that simple, and the current situation is
atrocious and unacceptable, from a security perspective.
As far as mozilla/sid goes, my browser crashes too, which is
technically a 'fix', but not a real fix. A real fix would
avoid the expoit, and not crash :-)
Too bad I don't code more advanced stuff - maybe someday...
My $0.02,
Raymond
--
"You deserve to be able to cooperate openly and freely with other
people who use software. You deserve free software."
-Richard M. Stallman, Free Software Foundation, http://www.fsf.org
Attachment:
pgpzbfhS19lyT.pgp
Description: PGP signature