Re: [SECURITY] [DSA 2341-1] iceweasel security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2341-1] iceweasel security update
From: Chris Frey <cdfrey@foursquare.net>
Date: Thu, 10 Nov 2011 17:11:49 -0500
Message-id: <[🔎] 20111110221149.GA16612@foursquare.net>
In-reply-to: <20111109164501.GA4188@pisco.westfalen.local>
References: <20111109164501.GA4188@pisco.westfalen.local>

Hi,

I think one of the security.debian.org mirrors is lagging fairly badly.
I just did an update, and this update from yesterday was not available.
I did it again (presumably getting a different IP) and it was available.

Just a FYI.

Thanks,
- Chris


On Wed, Nov 09, 2011 at 05:45:01PM +0100, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2341-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> November 09, 2011                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : iceweasel
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 
> 
> Several vulnerabilities have been discovered in Iceweasel, a web browser
> based on Firefox. The included XULRunner library provides rendering
> services for several other applications included in Debian.
> 
> CVE-2011-3647
> 
>    "moz_bug_r_a4" discovered a privilege escalation vulnerability in
>    addon handling.    
> 
> CVE-2011-3648
> 
>    Yosuke Hasegawa discovered that incorrect handling of Shift-JIS 
>    encodings could lead to cross-site scripting.
> 
> CVE-2011-3650
> 
>    Marc Schoenefeld discovered that profiling the Javascript code
>    could lead to memory corruption.
> 
> For the oldstable distribution (lenny), this problem has been fixed in
> version 1.9.0.19-15 of the xulrunner source package.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 3.5.16-11.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 8.0-1.
> 
> We recommend that you upgrade your iceweasel packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iEYEARECAAYFAk66rcYACgkQXm3vHE4uylqo9QCgsdGqCrDS99Eqo1QHA3G/LyMP
> /aQAoMGeYFbcebA+ulmKJi94hEYrnLql
> =H/MJ
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20111109164501.GA4188@pisco.westfalen.local

Reply to:

Prev by Date: Re: [SECURITY] [DSA 2340-1] postgresql security update missing for squeeze
Next by Date: Re: [SECURITY] [DSA 2344-1] python-django-piston security update
Previous by thread: Re: [SECURITY] [DSA 2340-1] postgresql security update missing for squeeze
Next by thread: Re: [SECURITY] [DSA 2344-1] python-django-piston security update
Index(es):
- Date
- Thread