On Wed, Mar 10, 2004 at 05:06:12PM +0100, Florian Weimer wrote: > Jan L?hr wrote: > > > So is mozilla the forgotten package? Considering how popular mozilla is, > > making it secure would be worth the effort - imho. > > How many of Mozilla's security bugs which are fix during routine > upgrades are discussed publicly? Can they be backported easily?
A number of the bug reports and patches (in Bugzilla) are still not publicly accessible, even though the bugs have been known and released for quite some time. Some are straightforward to backport; others involve a lengthy search just to determine if the same problem exists in an older version. -- - mdz