[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities

Hi Moritz,

On Sun, Mar 22, 2009 at 10:30:20PM +0100, Moritz Muehlenhoff wrote:
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1751-1                  security@debian.org
> http://www.debian.org/security/                       Moritz Muehlenhoff
> March 22, 2009                        http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
> Package        : xulrunner
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776
> Several remote vulnerabilities have been discovered in Xulrunner, a 
> runtime environment for XUL applications, such as the Iceweasel web
> browser. The Common Vulnerabilities and Exposures project identifies
> the following problems:
> For the stable distribution (lenny), these problems have been fixed
> in version
> As indicated in the Etch release notes, security support for the
> Mozilla products in the oldstable distribution needed to be stopped
> before the end of the regular Etch security maintenance life cycle.
> You are strongly encouraged to upgrade to stable or switch to a still
> supported browser.
> For the unstable distribution (sid), these problems have been fixed in
> version
> We recommend that you upgrade your xulrunner packages.

The Lenny release notes, just like the Etch release notes, mention the
possibility that at some point in the future, the mozilla products would
stop getting security suppport.  I understand.  

However, I have never seen any announcement that Etch's iceweasel has
actually stopped getting security support.  When did this occur?



Reply to: