Re: Iceweasel ESR 10 security update.

[Mike Mestnik <cheako+debian-security@mikemestnik.net>]

On 01/12/13 12:12, Daniel Curtis wrote:
> Hi
> 
> Whether the Iceweasel 10.0.11 ESR package can be updated a little faster due
> to several security issues? On January 8 Mozilla published about 20
> Security Advisories[1]. Many distributions already have updated Firefox
> to the
> latest 18 and 10.0.12 ESR versions[2]. According to the website for
> developers
> (DPTS), Iceweasel is too young in the so-called /Testing Migration/ process.
> At this point it's only 3 of 10 days.
> 
> The fact is that the new Firefox (Iceweasel) version/update fixes many
> security
> problems. Most of the impact for these vulnerabilities were classified
> as Critical.
> So, is there any chance to push update for Wheezy and Squeeze-Backports
> a little faster? Why wait so many days in such an important moment?
> 
Anyone who installed Iceweasel 30 or more days ago has now been running
with these security problems for more then three times as long as they
would now have to wait.  What's this issue, that you are hoping now to
correct?  Pushing an update past the Testing Migration won't make up for
the fact that any system that's had Iceweasel installed has been
vulnerable for a while now.

If you are saying that these security problems were added to the Debian
Packages less then 30days ago I would think that there is something
wrong with how Iceweasel was handled...  Like as if the /Testing
Migration/ process was skipped.

Try harder not to introduce security problems into Debian to begin with,
rather then wasting effort trying to mop-up afterward.

Cheers!

> Best regards!
> 
> _______________
> [1] https://www.mozilla.org/security/known-vulnerabilities/firefox.html
> [2] Ubuntu, RedHat, Mandriva and many more...