Hi, I think one of the security.debian.org mirrors is lagging fairly badly. I just did an update, and this update from yesterday was not available. I did it again (presumably getting a different IP) and it was available.
Just a FYI. Thanks, - Chris On Wed, Nov 09, 2011 at 05:45:01PM +0100, Moritz Muehlenhoff wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2341-1 [email protected] > http://www.debian.org/security/ Moritz Muehlenhoff > November 09, 2011 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : iceweasel > Vulnerability : several > Problem type : remote > Debian-specific: no > CVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 > > Several vulnerabilities have been discovered in Iceweasel, a web browser > based on Firefox. The included XULRunner library provides rendering > services for several other applications included in Debian. > > CVE-2011-3647 > > "moz_bug_r_a4" discovered a privilege escalation vulnerability in > addon handling. > > CVE-2011-3648 > > Yosuke Hasegawa discovered that incorrect handling of Shift-JIS > encodings could lead to cross-site scripting. > > CVE-2011-3650 > > Marc Schoenefeld discovered that profiling the Javascript code > could lead to memory corruption. > > For the oldstable distribution (lenny), this problem has been fixed in > version 1.9.0.19-15 of the xulrunner source package. > > For the stable distribution (squeeze), this problem has been fixed in > version 3.5.16-11. > > For the unstable distribution (sid), this problem has been fixed in > version 8.0-1. > > We recommend that you upgrade your iceweasel packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iEYEARECAAYFAk66rcYACgkQXm3vHE4uylqo9QCgsdGqCrDS99Eqo1QHA3G/LyMP > /aQAoMGeYFbcebA+ulmKJi94hEYrnLql > =H/MJ > -----END PGP SIGNATURE----- > > > > > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/[email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
