On Tue, Aug 02, 2005 at 02:29:51PM +0200, Moritz Muehlenhoff wrote: > If the isolated patches were pulled from Mozilla Bugzilla by Matt Zimmermann > (who appears to be Debian's Mozilla security delegate) and published as part > of a DSA this would point to the core of each vulnerability and make exploit > creation easier than reconstructing this information from the large interdiffs > between their stable releases. This tends towards security through obscurity, > but seems to be Mozilla's policy for bugs with their internal "Critical" > severity.
Getting access to the patches is not a significant obstacle; the issue is that they often don't apply to versions which are a few months old. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
