On Sun, Sep 13, 2009 at 03:33:07PM -0400, Michael S Gilbert wrote:
> On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
> > Hi,
> >
> > In the recently published Firefox update (3.0.14), several security
> > vulnerabilities have been fixed. Now, since obviously Debian doesn’t
> > include new upstream releases in stable (3.0.14 was accepted in unstable
> > though), I was wondering if Iceweasel is affected by these security
> > vulnerabilities too, namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074,
> > CVE-2009-3075, CVE-2009-3077 and CVE-2009-3079 (MFSA 2009-51, 49 and 47).
>
> hi,
>
> yes, lenny's iceweasel is indeed affected by these issues. the security
> team is in the process of preparing updates to lenny's xulrunner-1.9
> packages for this (debian's iceweasel packages are made to use the
> xulrunner library, so that is the only part that needs to be updated).

There is actually one of the CVEs that is iceweasel-only and needs an iceweasel change (The feedwriter one, IIRC CVE-2009-3079). The xulrunner update will fix the remaining ones.

> this will happen sometime soon, but someone else on the team will need
> to speak on when.

The packages are ready, they need to be built on all architectures and to be tested.

Cheers,

Mike

