On Mon, Jul 19, 2010 at 06:45:21PM +0200, Mike Hommey wrote: > Hi, > > As I started to work on next round of mozilla security updates, I found > out that CVE-2010-1206 doesn't apply to 3.0.x and earlier, because the > faulty code was introduced in 3.1b1 by > https://bugzilla.mozilla.org/show_bug.cgi?id=254714 > Also, the vulnerable package is not xulrunner, in this case, but > iceweasel. Versions in etch and lenny are not affected.
Some more information on the CVEs I already know of for next round due soon: CVE-2010-1213, CVE-2010-2752, CVE-2010-1209 are all xulrunner issues and don't apply on versions before 1.9.1. They are not yet disclosed but should be soon enough. They are only marked RESERVED on the security tracked, at the moment. Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
