Some additional information for experimental users (a.k.a. bleeding edge users) below:

On Wed, Aug 26, 2009 at 08:51:42PM +0200, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1873-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> August 26, 2009 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : xulrunner
> Vulnerability : programming error
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2009-2654
>
> Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid
> URLs could be used for spoofing the location bar and the SSL certificate
> status of a web page.
>
> Xulrunner is no longer supported for the old stable distribution (etch).
>
> For the stable distribution (lenny), this problem has been fixed in
> version 1.9.0.13-0lenny1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1.9.0.13-1.

For the experimental distribution, this problem has been fixed in
version 1.9.1.2-1.

Mike