[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mozilla - the forgotten package?



On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan L??hr wrote:

> over the last months, various security related bugs in mozilla appeared and 
> were fixed in new versions of mozilla - but what about the debian package? 
> Are there any efforts for making mozilla secure or to backport the mozilla 
> patches to debian?

> Due to depency with galeon new mozilla versions cannot be intergrated easily, 
> but right now, the debian mozilla contains some seriuos security related 
> bugs.

> So is mozilla the forgotten package? Considering how popular mozilla is, 
> making it secure would be worth the effort - imho.

  I think it's a case of time and energy.  I started updating the
 current woody packages to handle some of the reports, after mdz 
 pointed me to a list.

  However it was very timeconsuming and very shortly after I started I
 stopped having to support graphical stable boxes; so it became a non
 issue for me.

  There are patches around for some (most?) of the holes, it just takes 
 somebody with the patience to apply them and build fixed versions to
 share - then I'm sure we'd see a new stable release.

Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/

Attachment: pgpbOEaiLMK9p.pgp
Description: PGP signature


Reply to: