Re: Recent Firefox Update - Iceweasel affected?
On 2009-09-13, Mike Hommey <mh@glandium.org> wrote:
> On Sun, Sep 13, 2009 at 03:33:07PM -0400, Michael S Gilbert wrote:
>> On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
>> > Hi,
>> >
>> > In the recently published Firefox update (3.0.14), several security
>> > vulnerabilities have been fixed. Now, since obviously Debian doesn?$B!Gt include
>> > new upstream releases in stable (3.0.14 was accepted in unstable though), I
>> > was wondering if Iceweasel is affected by these security vulnerabilities too,
>> > namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075,
>> > CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).
>>
>> hi,
>>
>> yes, lenny's iceweasel is indeed affected by these issues. the security
>> team is in the process of preparing updates to lenny's xulrunner-1.9
>> packages for this (debian's iceweasel packages are made to use the
>> xulrunner library, so that is the only part that needs to be updated).
>
> There is actually one of the CVEs that is iceweasel-only and needs an
> iceweasel change (The feedwriter one, IIRC CVE-2009-3079). The xulrunner
> update will fix the remaining ones.
>
>> this will happen sometime soon, but someone else on the team will need
>> to speak on when.
>
> The packages are ready, they need to be built on all architectures and
> to be tested.
Almost done, they will be released tomorrow.
Cheers,
Moritz
Reply to: