Re: Recent Firefox Update - Iceweasel affected?

To: debian-security@lists.debian.org
Subject: Re: Recent Firefox Update - Iceweasel affected?
From: Michael S Gilbert <michael.s.gilbert@gmail.com>
Date: Sun, 13 Sep 2009 15:33:07 -0400
Message-id: <[🔎] 20090913153307.ea1a8539.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 200909132107.07033.Pascal.Stumpf@cubes.de>
References: <[🔎] 200909132107.07033.Pascal.Stumpf@cubes.de>

On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
> Hi,
> 
> In the recently published Firefox update (3.0.14), several security 
> vulnerabilities have been fixed. Now, since obviously Debian doesn’t include 
> new upstream releases in stable (3.0.14 was accepted in unstable though), I 
> was wondering if Iceweasel is affected by these security vulnerabilities too, 
> namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, 
> CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).

hi,

yes, lenny's iceweasel is indeed affected by these issues.  the security
team is in the process of preparing updates to lenny's xulrunner-1.9
packages for this (debian's iceweasel packages are made to use the
xulrunner library, so that is the only part that needs to be updated).
this will happen sometime soon, but someone else on the team will need
to speak on when.

mike

Reply to:

Follow-Ups:
- Re: Recent Firefox Update - Iceweasel affected?
  - From: Mike Hommey <mh@glandium.org>

References:
- Recent Firefox Update - Iceweasel affected?
  - From: Pascal Stumpf <Pascal.Stumpf@cubes.de>

Prev by Date: Recent Firefox Update - Iceweasel affected?
Next by Date: Re: Recent Firefox Update - Iceweasel affected?
Previous by thread: Recent Firefox Update - Iceweasel affected?
Next by thread: Re: Recent Firefox Update - Iceweasel affected?
Index(es):
- Date
- Thread