FWD: Re: New Mozilla vulnerabilities??
Josh Bressers
bressers at redhat.com
Mon Jun 12 18:17:14 UTC 2006
The Firefox maintainer, Chris Aillon asked me to forward this along to this
list. He's swamped right now trying to get the fixes for the various
Mozilla security issues backported. He's looking for anyone willing to
help roll new Firefox packages for FC5 and rawhide.
Thanks.
--
JB
------- Forwarded Message
Date: Mon, 12 Jun 2006 13:07:43 -0400
From: Christopher Aillon <caillon at redhat.com>
To: Matthew Miller <mattdm at mattdm.org>
cc: Josh Bressers <bressers at redhat.com>, fedora-security-list at redhat.com
Subject: Re: [Fwd: Re: New Mozilla vulnerabilities??]
Matthew Miller wrote:
> On Mon, Jun 12, 2006 at 06:43:22AM -0400, Josh Bressers wrote:
>
>> The plan is to move everything to seamonkey, but there is much testing that
>> needs to be done. We're not ready yet, which is why we are backporting the
>> critical patches first.
>>
>
> But in the meantime, what about firefox in FC5, which is already 1.5.0.x?
> Does the (presumably) easier fix for the current release have to wait on the
> harder work for the older releases? As far as I can tell, there wasn't even
> a bug entry for this, and I had to file it myself. (And it's gotten no
> response at all.)
>
> <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194617>
>
> C'mon, it may not be a remote root compromise, but it is highly visible and
> _could_ allow remote code execution. Fedora can do better than this!
>
>
If someone wants to simply rev the spec, commit, and build, that's fine
(and very welcome) as long as the Release is set to 2 for rawhide, and
1.1.fc5 for fc5 (to keep up with my numbering scheme). I find its best
to not jump out of doing something you'd rather not jump back into,
which is why I'm focusing on the backport.
------- End of Forwarded Message
More information about the Fedora-maintainers
mailing list