Hello,

On Sun, Feb 09, 2014 at 02:11:21AM -0500, Filipus Klutiero wrote:
> There is no particular issue with migrating icedove to testing. Are
> you saying you intend to upload icedove 24 to wheezy?

Not directly to wheezy, we'll use stable-security to push icedove 24 to
wheezy. This is the same way we do with icedove 17.

> The question is whether icedove 24.2.0-1 is better than 17.0.10-1.
> What security issues in 17.0.10 does 24.2.0 fix? If the team considers
> that 24.2.0 is better than 17.0.10, you can request the release team
> to force it by filing a ticket against release.debian.org.

Icedove 17 is EOL (same as Icedove 10 shortly after the release of wheezy)
and Mozilla is only providing updates for Icedove 24. Almost all fixed
bugs are in libxul and it's too hard to backport the security fixes from
there (same problem with iceweasel).

Icedove 17.0.11 ships almost the same security fixes as icedove 24.1.
But from there on we 'missed' the following:

MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-116 JPEG information leak
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-08 Use-after-free with imgRequestProxy and image processing
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects

Most of these security problems are probably in icedove 17.

Cheers,
Christoph