Re: Bug#447734: libxul0d: vulnerable to CVE-2007-5339

To: Florian Weimer <fw@deneb.enyo.de>
Cc: security@debian.org, debian-security-tracker@lists.debian.org
Subject: Re: Bug#447734: libxul0d: vulnerable to CVE-2007-5339
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 23 Oct 2007 22:58:45 +0200
Message-id: <[🔎] 20071023205845.GB10327@inutil.org>
In-reply-to: <87ejfltuug.fsf@mid.deneb.enyo.de>
References: <20071023131645.16144.20652.reportbug@tycho.robots.org.uk> <87ejfltuug.fsf@mid.deneb.enyo.de>

On Tue, Oct 23, 2007 at 10:54:47PM +0200, Florian Weimer wrote:
> * Sam Morris:
> 
> > Although <http://security-tracker.debian.net/tracker/CVE-2007-5339>
> > states that no packages in unstable are vulnerable to this bug, I just
> > tested Epiphany against it at <http://bcheck.scanit.be/bcheck/> and it
> > managed to crash my browser.
> 
> We've discovered a few more CVEs that still affect xulrunner.  I'm
> currently on vacation, but next week, I'll ask the colleague who did the
> analysis to submit his findings.  (We planned to do this anyway, but it
> somehow got lost between other issues.)

All the recent firefox issues affect xulrunner (and iceape), just someone
needs to commit them.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: [Secure-testing-team] unrelated notes for CVE-2007-3163
Next by Date: Re: [Secure-testing-commits] r7065 - data/CVE
Previous by thread: Re: [Secure-testing-team] unrelated notes for CVE-2007-3163
Next by thread: Re: [Secure-testing-commits] r7065 - data/CVE
Index(es):
- Date
- Thread