David E. Ross wrote:
Bug #698753 reports that a certificate sub-authority improperly issued
subscriber certificates with 512-bit RSA keys. At least one such
certificate has been used to sign malware.
NSS has been patched to resolve this issue. Will there be an update to
SeaMonkey 2.4.x that incorporates this patch? Or will we have to wait
for SeaMonkey 2.5? I believe Mozilla has already released Firefox 8 and
Firefox 3.6.24 to incorporate this patch.
See<https://bugzilla.mozilla.org/show_bug.cgi?id=698753> and
<http://www.entrust.net/advisories/malaysia.htm>.
2.5 Beta 4 has the fix
There will not be a 2.4.x release for this issue.
2.5 final will be released within days along with Firefox 8.0.1
We are behind in our release only due to hardware issues I have/had to
cope with. We are not yet back at full capacity, but enough to be able
to spin releases now.
--
~Justin Wood (Callek)
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
