On Wed, May 08, 2002 at 02:51:51PM -0400, Noah L. Meyerhans imagined: > On Wed, May 08, 2002 at 03:26:46PM +0200, Robert Millan wrote: > > http://sec.greymagic.com/adv/gm001-ns/ > > > > It claims to affect 0.9.7+ but on 1.0 all it does is > > crashing my browser.
> That bug was fixed in the version of mozilla from sid, but > *not* woody. Woody appears vulnerable and had probably better > get fixed before the release. > > noah The Woody/security issue really is a systemic problem with the Debian release structure IMO. I'm sure it has been discussed to death, but I would really like to see either: a) woody receiving security patches as soon as sid and potato; or b) no woody. I think it is that simple, and the current situation is atrocious and unacceptable, from a security perspective. As far as mozilla/sid goes, my browser crashes too, which is technically a 'fix', but not a real fix. A real fix would avoid the expoit, and not crash :-) Too bad I don't code more advanced stuff - maybe someday... My $0.02, Raymond -- "You deserve to be able to cooperate openly and freely with other people who use software. You deserve free software." -Richard M. Stallman, Free Software Foundation, http://www.fsf.org
pgpPucJAPdYyJ.pgp
Description: PGP signature