[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: Troubling security news for sarge users of mozilla, firefox,thunderbird...

On 08/12/2005 03:10 PM, Alexander Sack wrote:
>> firefox (318061) it's resolved, Done, Will be archived: in 20 days.
> I just looked at the bug and it is not closed. It's a visualization
> bug in our BTS IMO. I guess it has something to do with the new
> versioned bug tracking feature recently deployed to our bug database.

Hi Alex,

I don't know what "visualization bug" means.  I see this:

Debian Bug report logs: package mozilla-firefox

Scroll down that page, way down that page, to this:

> Grave functionality bugs - resolved (3 bugs)
> * #318061: mozilla-firefox: version 1.0.5 fixes several security bugs
>  Package: mozilla-firefox (1.0.4-3, 1.0.4-2; fixed: 1.0.5-1,
> 1.0.99+deerpark-alpha2-1); Severity: grave; Reported by: Florian
> Weimer <fw@deneb.enyo.de>; Tags: etch, sarge, security; Done: Mike
> Hommey <mh@glandium.org>; Will be archived: in 18 days.

So, I believe your thunderbird bug is correctly marked Grave, while this
one for firefox "Will be archived."  A close reading does show the
vulnerability in 1.0.4*, but it's too easy to miss, and in 18 days it's
gone for anyone looking to see problems in sarge on firefox.

There has yet to be a DSA on this for sarge.


Reply to: