2 memory corruption bugs introduced to Firefox by Debian patches:
bugzilla.mozilla.org/show_bug.cgi?i
bugzilla.mozilla.org/show_bug.cgi?i
Freezing versions of most software for years, backporting a small subset of security fixes and applying broken / strange distribution-specific changes isn't great.
A lot of distributions have these kinds of problems with their packaging but Debian remains the best example.
It's painful working with Debian due to all the distribution-specific broken extensions, hacks, meta-configuration and scripts. It's awful as an upstream maintainer too.
A lot of times people don't realize a ton of the scripts, configuration and odd bugs/extensions are something added downstream. It's also pretty awful having tons of people using ancient versions of your software. Even if you provide supported LTS branches, they won't ship it...
This Tweet was deleted by the Tweet author.
Yes, it's a serious problem for the vast majority of packages including the Linux kernel in Debian stable.
The tweet right after the one that you're replying to already explains that they made a special case for certain browser packages, not in general:
They partially gave in for web browsers, but they still pretend fixing a tiny subset of security issues is adequate for other things. Most security bugs don't get a CVE and they only fix a subset of those, eventually. It's certainly not limited to Debian.
There are multiple things discussed in this thread and you appear to be conflating them together.
