oss-sec mailing list archives
Re: MFSA 2009-63
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 29 Oct 2009 21:49:39 +0100
* Reed Loden:
What type of specific information are you looking for? Mozilla works with upstream Xiph.org to get such issues resolved upstream, and then we either take a minimal fix downstream or a full library upgrade to latest upstream code. Lately, we've been having to do full library upgrades due to the complexity of fixes and dependencies on other changes.
We've got a rather strict backported-security-fixes-only policy because we've got a very interdependent code base, so we usually can't switch upstream versions for libraries because most developers have a rather lax attitude towards ABI compatibility (and even if they don't, we're usually trailing behind a major version or two 8-/). Florian (Debian)
Current thread:
- MFSA 2009-63 Tomas Hoger (Oct 29)
- Re: MFSA 2009-63 Reed Loden (Oct 29)
- Re: MFSA 2009-63 Florian Weimer (Oct 29)
- Re: MFSA 2009-63 Reed Loden (Oct 29)
- Re: MFSA 2009-63 Tomas Hoger (Oct 30)
- Re: MFSA 2009-63 Reed Loden (Oct 30)
- Re: MFSA 2009-63 Tomas Hoger (Oct 30)
- Re: MFSA 2009-63 Florian Weimer (Oct 29)
- Re: MFSA 2009-63 Reed Loden (Oct 29)