[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: icedove: no ESR update?

Hi Hideki,

On Sa, Nov 21, 2015 at 10:48:47 +0900, Hideki Yamane wrote:
> Hi,
> About CVE-2015-4473, CVE-2015-4487, CVE-2015-4488 and CVE-2015-4489.
> As same as "DSA-3333-1 iceweasel", icedove should be updated with
> newer ESR version in Stretch/Sid.

38.3.0 is the last ESR version of icedove, which lives in Stretch since
November 7th (Sid since November 1st). We are waiting for 38.4.0, which
isn't released by Mozilla right now. There are building candidates, but
not a official release.

> >> Debian follows the extended support releases (ESR) of Firefox.
> >> Support for the 31.x series has ended, so starting with this update
> >> we're now following the 38.x releases.
> Is there any action for it? or just backport package for stable-security
> is not enough?

I'm working on icedove 38.x for stable (Jessie) and oldstable (Wheezy).
Hopefully I'll get it done this weekend. They will go into
stable-security and oldstable-security.


Reply to: