Re: [SECURITY] [DSA 2341-1] iceweasel security update
Hi,
I think one of the security.debian.org mirrors is lagging fairly badly.
I just did an update, and this update from yesterday was not available.
I did it again (presumably getting a different IP) and it was available.
Just a FYI.
Thanks,
- Chris
On Wed, Nov 09, 2011 at 05:45:01PM +0100, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2341-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> November 09, 2011 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : iceweasel
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650
>
> Several vulnerabilities have been discovered in Iceweasel, a web browser
> based on Firefox. The included XULRunner library provides rendering
> services for several other applications included in Debian.
>
> CVE-2011-3647
>
> "moz_bug_r_a4" discovered a privilege escalation vulnerability in
> addon handling.
>
> CVE-2011-3648
>
> Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
> encodings could lead to cross-site scripting.
>
> CVE-2011-3650
>
> Marc Schoenefeld discovered that profiling the Javascript code
> could lead to memory corruption.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 1.9.0.19-15 of the xulrunner source package.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 3.5.16-11.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 8.0-1.
>
> We recommend that you upgrade your iceweasel packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk66rcYACgkQXm3vHE4uylqo9QCgsdGqCrDS99Eqo1QHA3G/LyMP
> /aQAoMGeYFbcebA+ulmKJi94hEYrnLql
> =H/MJ
> -----END PGP SIGNATURE-----
>
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20111109164501.GA4188@pisco.westfalen.local
Reply to: