On Wed, Jan 17, 2018 at 4:43 PM, Mattia Dorigatti wrote: > I've worked around this by using Netscape
Netscape is a long-dead and probably by now a very insecure browser, I would suggest you avoid it. > though I can't figure out what "nnn" stands for. A number? The Debian bug number, which is distinct from the CVE number. If there is Debian bug reported, it will be in the "Debian Bugs" column. > I've tried to email this addresses but they report inexistent None of the CVEs you mention have bugs reported for them: https://security-tracker.debian.org/tracker/CVE-2017-5753 https://security-tracker.debian.org/tracker/CVE-2017-5715 https://security-tracker.debian.org/tracker/CVE-2017-5754 Probably because they were initially handled with an embargo period and now are the subject of industry-wide efforts to mitigate them. Since these are bugs in hardware, they cannot be fixed by Debian or Linux folks, only worked around with mitigations. I'd suggest you subscribe to the security announcements list if you are waiting for news on those mitigations: https://lists.debian.org/debian-security-announce/ -- bye, pabs https://wiki.debian.org/PaulWise
