Closed
Bug 254655
Opened 20 years ago
Closed 19 years ago
0.9.3 release notes don't mention serious libpng security issue (bug 251381)
Categories
(www.mozilla.org :: General, defect)
www.mozilla.org
General
Tracking
(Not tracked)
VERIFIED
WONTFIX
People
(Reporter: bmo, Assigned: dveditz)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2 Firefox 0.9.3 was just released, primarily due to the extremely serious bug 0.9.3. the current release notes at http://www.mozilla.org/products/firefox/releases/ make NO mention of this bug?! Reproducible: Always Steps to Reproduce:
This bug's status should be changed to 'RESOLVED' and resolution to 'WONTFIX' since 0.9.3 was released over a month ago and the bug# 251381 is now fixed.
Comment 2•20 years ago
|
||
If you follow the link to "The Burning Edge..." and then "security holes" you find a table on this page with entries talking about this and other security fixes. http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 I agree, resolved==wontfix is appropriate. The info is only a couple of clicks away for anyone who needs it.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
Reporter | ||
Comment 3•20 years ago
|
||
a couple of clicks away is NOT good enough. we're not trying to hide anything. any self-respecting project i've worked with puts information about fixed security holes in a very visible spot on the release notes. what could be more important for the release notes? i still think the info NEEDS to be there. people still read through past release notes when deciding whether or not to upgrade for old versions to the latest/greatest. as a policy, all our release notes should contain info on any security bugs that were fixed. a prominent link to the page mentioned in comment #2 would suffice, if we're feeling lazy.
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Comment 4•20 years ago
|
||
0.9.3 is a bit old, but we should consider this for the future. -> morphing summary and confirming.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: 0.9.3 release notes don't mention serious libpng security issue (bug 251381) → mention security updates in the release notes
Comment 5•19 years ago
|
||
no longer relevant. We have a security update notice in the release notes.
Status: NEW → RESOLVED
Closed: 20 years ago → 19 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 6•19 years ago
|
||
i think the relevance of the bug as originally reported is debatable. we're still serving up old release notes and linking to them all from http://www.mozilla.org/products/firefox/releases/ . i think there is value in at least putting a statement at the top of older release notes saying something like: === This is an archived release note. Note that it failed to provide important information on the security holes that were fixed with this realease. Please refer to http://www.mozilla.org/projects/security/known-vulnerabilities.html for information on security-related bugs that were fixed with this releaes. === small effort.. reasonable reward.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Updated•19 years ago
|
Assignee: bugs → dveditz
Status: REOPENED → NEW
Assignee | ||
Comment 7•19 years ago
|
||
Which bugs were fixed is really only important for the most recent releases. At this point it doesn't matter what was fixed in 0.9.3. Anyone reading those needs to know what *wasn't* fixed which we've discovered later was a lot of security holes. More recent release notes do contain links to the appropriate section of the security vulnerability page so this is either "fixed" in general or "wontfix" if you're hung up on 0.9.3 If this gets reopened please reassign to someone else (probably Asa) as it wouldn't be appropriate for me to edit the release notes directly.
Status: NEW → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 8•19 years ago
|
||
for correctness' sake, i'm reverting the summary from: "mention security updates in the release notes" to: "0.9.3 release notes don't mention serious libpng security issue (bug 251381)" also changing to WONTFIX
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: mention security updates in the release notes → 0.9.3 release notes don't mention serious libpng security issue (bug 251381)
Reporter | ||
Updated•19 years ago
|
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → WONTFIX
Reporter | ||
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
Comment 9•19 years ago
|
||
--> Websites :: www.mozilla.com so timeless can close out Firefox :: Product Site.
Component: Product Site → www.mozilla.com
Product: Firefox → Websites
Updated•16 years ago
|
QA Contact: www-mozilla-com
Updated•12 years ago
|
Component: www.mozilla.org/firefox → www.mozilla.org
Updated•12 years ago
|
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•