On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan L??hr wrote: > over the last months, various security related bugs in mozilla appeared and > were fixed in new versions of mozilla - but what about the debian package? > Are there any efforts for making mozilla secure or to backport the mozilla > patches to debian? > Due to depency with galeon new mozilla versions cannot be intergrated easily, > but right now, the debian mozilla contains some seriuos security related > bugs. > So is mozilla the forgotten package? Considering how popular mozilla is, > making it secure would be worth the effort - imho. I think it's a case of time and energy. I started updating the current woody packages to handle some of the reports, after mdz pointed me to a list. However it was very timeconsuming and very shortly after I started I stopped having to support graphical stable boxes; so it became a non issue for me. There are patches around for some (most?) of the holes, it just takes somebody with the patience to apply them and build fixed versions to share - then I'm sure we'd see a new stable release. Steve -- # Debian Security Audit Project http://www.shellcode.org/Audit/
Attachment:
pgpMQy8vEUfS1.pgp
Description: PGP signature