please unblock xulrunner

To: debian-release@lists.debian.org
Subject: please unblock xulrunner
From: Nico Golde <debian-release+ml@ngolde.de>
Date: Wed, 23 Jul 2008 15:03:34 +0200
Message-id: <[🔎] 20080723130334.GC14003@ngolde.de>
Mail-followup-to: debian-release@lists.debian.org

Hi,
can someone please unblock xulrunner?
1.9.0.1-1 fixes CVE-2008-2785[0] which is a fairly important 
security issue that allows arbitrary code execution by 
overflowing a CSS reference counter.

Every iceweasel user who has not switched off java script 
could be affected by this. More about the vulnerability 
itself in the upstream advisory[1].

In Debian this does technically affect xulrunner and not 
iceweasel as discussed[2] with the maintainer so it would be 
nice if someone could unblock xulrunner 1.9.0.1-1 to enter lenny.

[0] http://security-tracker.debian.net/tracker/CVE-2008-2785
[1] http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491161#17

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpn5K6dodRKd.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: please unblock xulrunner
  - From: Adeodato Simó <dato@net.com.org.es>

Prev by Date: Re: [etch-and-half] release notes review
Next by Date: Re: [etch-and-half] release notes review
Previous by thread: Re: please unblock rdate/1:1.1.3-2
Next by thread: Re: please unblock xulrunner
Index(es):
- Date
- Thread