[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Troubling security news for sarge users of mozilla, firefox,thunderbird...

On 08/04/2005 11:20 AM, Kevin B. McCarty wrote:
> I backported the newest versions of mozilla, firefox, thunderbird and
> enigmail to Sarge.  (Sorry, no galeon or epiphany since I don't use
> them.)  Anyone who wants them and is willing to trust me (shouldn't be
> too scary since I'm in the NM queue  :-)  can get the packages here:
> deb http://borex.princeton.edu/~kmccarty/ sarge main
> deb-src http://borex.princeton.edu/~kmccarty/ sarge main

To all:

Having read your replies and having followed the very indecisive threads
 on debian-security, I went ahead and installed the backported
thunderbird/enigmail from Alexander Sack and firefox from Kevin McCarty.

The installs were flawless, and so far, so good. :)

Thanks to both Alex and Kevin for taking positive action on this for us

As a debian user, I'm not happy about how our community is resolving
this security problem with mozilla-* packages.  The security bug for
thunderbird (318728) is Severity: grave, Tags: sarge, security; but for
firefox (318061) it's resolved, Done, Will be archived: in 20 days.
Anyone checking the BTS page for mozilla-firefox could easily miss the
Grave security bug that in fact exists in sarge.

There still has been no DSA (Debian Security Advisory).

How are users to be notified of these security issues if not from a DSA?

How will debian's reputation for excellence be maintained with this lax
security effort?

We can do better.

Thank you,

Reply to: