oss-sec mailing list archives

Re: MFSA 2009-63


From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 29 Oct 2009 21:49:39 +0100

* Reed Loden:

> What type of specific information are you looking for? Mozilla works
> with upstream Xiph.org to get such issues resolved upstream, and then
> we either take a minimal fix downstream or a full library upgrade to
> latest upstream code. Lately, we've been having to do full library
> upgrades due to the complexity of fixes and dependencies on other
> changes.

We've got a rather strict backported-security-fixes-only policy
because we've got a very interdependent code base, so we usually can't
switch upstream versions for libraries because most developers have a
rather lax attitude towards ABI compatibility (and even if they don't,
we're usually trailing behind a major version or two 8-/).

Florian
(Debian)

