Hi everybody!

DSA-1999-1 has just been issued [1] claiming that five vulnerabilities have been fixed in xulrunner.

The DSA states that the five CVEs are fixed in version 1.9.1.8-1 for sid and the changelog [2] seems to agree.

However, the CVE tracker pages [3][4][5][6][7] tell a different story, claiming that sid is still vulnerable.

Which is wrong and which is right?

[1] http://lists.debian.org/debian-security-announce/2010/msg00039.html
[2] http://packages.qa.debian.org/x/xulrunner/news/20100217T223453Z.html
[3] http://security-tracker.debian.org/tracker/CVE-2009-1571
[4] http://security-tracker.debian.org/tracker/CVE-2009-3988
[5] http://security-tracker.debian.org/tracker/CVE-2010-0159
[6] http://security-tracker.debian.org/tracker/CVE-2010-0160
[7] http://security-tracker.debian.org/tracker/CVE-2010-0162

--
 http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html
 Need some pdebuild hook scripts?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4