The Firefox maintainer, Chris Aillon asked me to forward this along to this list. He's swamped right now trying to get the fixes for the various Mozilla security issues backported. He's looking for anyone willing to help roll new Firefox packages for FC5 and rawhide. Thanks. -- JB ------- Forwarded Message Date: Mon, 12 Jun 2006 13:07:43 -0400 From: Christopher Aillon <caillon@xxxxxxxxxx> To: Matthew Miller <mattdm@xxxxxxxxxx> cc: Josh Bressers <bressers@xxxxxxxxxx>, fedora-security-list@xxxxxxxxxx Subject: Re: [Fwd: Re: New Mozilla vulnerabilities??] Matthew Miller wrote: > On Mon, Jun 12, 2006 at 06:43:22AM -0400, Josh Bressers wrote: > >> The plan is to move everything to seamonkey, but there is much testing that >> needs to be done. We're not ready yet, which is why we are backporting the >> critical patches first. >> > > But in the meantime, what about firefox in FC5, which is already 1.5.0.x? > Does the (presumably) easier fix for the current release have to wait on the > harder work for the older releases? As far as I can tell, there wasn't even > a bug entry for this, and I had to file it myself. (And it's gotten no > response at all.) > > <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194617> > > C'mon, it may not be a remote root compromise, but it is highly visible and > _could_ allow remote code execution. Fedora can do better than this! > > If someone wants to simply rev the spec, commit, and build, that's fine (and very welcome) as long as the Release is set to 2 for rawhide, and 1.1.fc5 for fc5 (to keep up with my numbering scheme). I find its best to not jump out of doing something you'd rather not jump back into, which is why I'm focusing on the backport. ------- End of Forwarded Message