Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87vdhysz6k.fsf@mid.deneb.enyo.de>
Date: Thu, 29 Oct 2009 21:49:39 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: MFSA 2009-63

* Reed Loden:

> What type of specific information are you looking for? Mozilla works
> with upstream Xiph.org to get such issues resolved upstream, and then
> we either take a minimal fix downstream or a full library upgrade to
> latest upstream code. Lately, we've been having to do full library
> upgrades due to the complexity of fixes and dependencies on other
> changes.

We've got a rather strict backported-security-fixes-only policy
because we've got a very interdependent code base, so we usually can't
switch upstream versions for libraries because most developers have a
rather lax attitude towards ABI compatibility (and even if they don't,
we're usually trailing behind a major version or two 8-/).

Florian
(Debian)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.