Re: icedove: no ESR update?

To: Hideki Yamane <henrich@debian.or.jp>
Cc: icedove@packages.debian.org, debian-security@lists.debian.org
Subject: Re: icedove: no ESR update?
From: Christoph Goehre <chris@sigxcpu.org>
Date: Sat, 21 Nov 2015 14:18:00 -0500
Message-id: <[🔎] 20151121191800.GB2979@anna.chris.local>
In-reply-to: <[🔎] 20151121104847.c68b28330d8766521c92a216@debian.or.jp>
References: <[🔎] 20151121104847.c68b28330d8766521c92a216@debian.or.jp>

Hi Hideki,

On Sa, Nov 21, 2015 at 10:48:47 +0900, Hideki Yamane wrote:
> Hi,
> 
> About CVE-2015-4473, CVE-2015-4487, CVE-2015-4488 and CVE-2015-4489.
> As same as "DSA-3333-1 iceweasel", icedove should be updated with
> newer ESR version in Stretch/Sid.

38.3.0 is the last ESR version of icedove, which lives in Stretch since
November 7th (Sid since November 1st). We are waiting for 38.4.0, which
isn't released by Mozilla right now. There are building candidates, but
not a official release.

> >> Debian follows the extended support releases (ESR) of Firefox.
> >> Support for the 31.x series has ended, so starting with this update
> >> we're now following the 38.x releases.
> 
> 
> Is there any action for it? or just backport package for stable-security
> is not enough?

I'm working on icedove 38.x for stable (Jessie) and oldstable (Wheezy).
Hopefully I'll get it done this weekend. They will go into
stable-security and oldstable-security.

Cheers,
Christoph

Reply to:

Follow-Ups:
- Re: icedove: no ESR update?
  - From: Hideki Yamane <henrich@debian.or.jp>

References:
- icedove: no ESR update?
  - From: Hideki Yamane <henrich@debian.or.jp>

Prev by Date: Re: icedove: no ESR update?
Next by Date: Re: icedove: no ESR update?
Previous by thread: Re: icedove: no ESR update?
Next by thread: Re: icedove: no ESR update?
Index(es):
- Date
- Thread