Re: CVE-2010-1206

To: Mike Hommey <mh@glandium.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2010-1206
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 19 Jul 2010 20:05:45 +0200
Message-id: <201007192005.45352.thijs@debian.org>
In-reply-to: <20100719164521.GA11575@glandium.org>
References: <20100719164521.GA11575@glandium.org>

On moandei 19 July 2010, Mike Hommey wrote:
> As I started to work on next round of mozilla security updates, I found
> out that CVE-2010-1206 doesn't apply to 3.0.x and earlier, because the
> faulty code was introduced in 3.1b1 by
> https://bugzilla.mozilla.org/show_bug.cgi?id=254714
> Also, the vulnerable package is not xulrunner, in this case, but
> iceweasel. Versions in etch and lenny are not affected.

Thanks, noted.


Thijs

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- CVE-2010-1206
  - From: Mike Hommey <mh@glandium.org>

Prev by Date: CVE-2010-1206
Next by Date: Re: Some more xulrunner CVEs [Was: CVE-2010-1206]
Previous by thread: CVE-2010-1206
Next by thread: Some more xulrunner CVEs [Was: CVE-2010-1206]
Index(es):
- Date
- Thread