> Hi folks,
>
> Pardon my top-posting. We may have some options here for the relatively-
> newly-discovered Mozilla/Firefox/Thunderbird/Seamonkey vulnerabilities, and
> I'd like to get a feel for what you all would like to do?
>
> (I believe) Red Hat is backporting patches for the Mozilla-1.7.13 / Firefox-
> 1.0.8 packages that we just (belatedly) released yesterday... (and perhaps
> for Thunderbird too?) But then after these patches, my under- standing then
> is that that's the end-of-the-line for RHEL-supported Mozilla-1.7.13/
> {Firefox,Thunderbird}-1.0.8 packages. And there is no way that we have the
> kind of expertise to extend support beyond what RHEL can do on these
> products....
The only potentially critical issue for Thunderbird is this one:
http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
We don't plan on fixing this for RHEL4 since there is double free detection
in newish glibc, turning this issue into a crash (which is not critical).
Anything after and including FC3 should have this protection, but nothing
before.
As a heads up, I recently learned of this page:
http://wiki.mozilla.org/WeeklyUpdates/2006-06-05#FF.2FTB_1.5.0.5
It seems we can expect the next round of pain on 2006-07-19. That's a
fairly aggressive date so it may slip, but should be near that date.
--
JB
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
