Your message dated Mon, 01 May 2006 09:14:44 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Fixed
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mozilla-firefox
Version: 1.0.4-2sarge
Severity: critical
Hi,
I'm using the very latest version of Debian, which is 3.1r2
(Sarge + all security updates). The IT people at work here are bugging
me because the version of firefox installed on my system contains
multiple vulnerabilities.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
I don't always agree with our IT people, but it seems to my
that Firefox 1.0.8 fixes quite a lot of remote vulnerabilities. I
usually don't care about local exploit, and I usually don't care much
about the security of package I rarely use, as I'm the only user of
that box, but remote vulnerabilities in my browser scare me. It seems
to me that nowadays the browser is one of the main vector of attacks.
In other words, if there is only one package on that box that
should be up to date, that should be Firefox.
I also wonder what will happen in the future. Firefox 1.0.X
seems to be discontinued by the Mozilla fundation. I hope it doesn't
mean that users of Stable will be left vulnerable. I hope you will
find a workable solution, such as putting Firefox 1.5 in stable.
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
Thanks for the good work on the package, and thanks in advance
for keeping me safe while browsing.
Jean
--- End Message ---
--- Begin Message ---
Version: 1.0.4-2sarge6
DSA 1044 should fix all of bugs with CVE IDs referred to by MFSAs fixed
in 1.0.8. There's already a new bug about the new CVE-2006-1993. I
believe this can be closed.
--- End Message ---
