Hi all! I was taking a look at the tracker page for the high urgency vulnerability of iceweasel. It has no CVE number yet, and it's temporarily referred to as http://security-tracker.debian.net/tracker/TEMP-0537104-000075 This tracker page says that every unreleased branch (squeeze, sid, experimental) is vulnerable. The released branches (etch and lenny) are not affected, because the JIT compiler was introduced in version 3.5.0, as the notes say. Well, this should mean that squeeze and sid are unaffected, as well. Moreover, the associated bug (#537104) says that version 3.0.11-1 is not affected: see http://bugs.debian.org/537104#17 A further confirmation that sid is not affected. I think that these facts should be documented in the tracker: sid and squeeze are not currently affected. -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpiAuTdpS_P7.pgp
Description: PGP signature