[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

please unblock xulrunner



Hi,
can someone please unblock xulrunner?
1.9.0.1-1 fixes CVE-2008-2785[0] which is a fairly important 
security issue that allows arbitrary code execution by 
overflowing a CSS reference counter.

Every iceweasel user who has not switched off java script 
could be affected by this. More about the vulnerability 
itself in the upstream advisory[1].

In Debian this does technically affect xulrunner and not 
iceweasel as discussed[2] with the maintainer so it would be 
nice if someone could unblock xulrunner 1.9.0.1-1 to enter lenny.

[0] http://security-tracker.debian.net/tracker/CVE-2008-2785
[1] http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491161#17

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp6NoHvbGVc0.pgp
Description: PGP signature


Reply to: