Some additional information for experimental users (a.k.a.
bleeding edge users) below:

On Wed, Aug 26, 2009 at 08:51:42PM +0200, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1873-1                  security@...
> http://www.debian.org/security/                       Moritz Muehlenhoff
> August 26, 2009                       http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : xulrunner
> Vulnerability : programming error
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2009-2654
>
> Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid
> URLs could be used for spoofing the location bar and the SSL certificate
> status of a web page.
>
> Xulrunner is no longer supported for the old stable distribution (etch).
>
> For the stable distribution (lenny), this problem has been fixed in
> version 1.9.0.13-0lenny1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1.9.0.13-1.

For the experimental distribution, this problem has been fixed in
version 1.9.1.2-1.

Mike