[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Recent Firefox Update - Iceweasel affected?

On Sun, Sep 13, 2009 at 03:33:07PM -0400, Michael S Gilbert wrote:
> On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
> > Hi,
> > 
> > In the recently published Firefox update (3.0.14), several security 
> > vulnerabilities have been fixed. Now, since obviously Debian doesn’t include 
> > new upstream releases in stable (3.0.14 was accepted in unstable though), I 
> > was wondering if Iceweasel is affected by these security vulnerabilities too, 
> > namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, 
> > CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).
> 
> hi,
> 
> yes, lenny's iceweasel is indeed affected by these issues.  the security
> team is in the process of preparing updates to lenny's xulrunner-1.9
> packages for this (debian's iceweasel packages are made to use the
> xulrunner library, so that is the only part that needs to be updated).

There is actually one of the CVEs that is iceweasel-only and needs an
iceweasel change (The feedwriter one, IIRC CVE-2009-3079). The xulrunner
update will fix the remaining ones.

> this will happen sometime soon, but someone else on the team will need
> to speak on when.

The packages are ready, they need to be built on all architectures and
to be tested.

Cheers,

Mike
Reply to: