Recent Firefox Update - Iceweasel affected?


Recent Firefox Update - Iceweasel affected?

by Pascal Stumpf

Hi,

In the recently published Firefox update (3.0.14), several security
vulnerabilities have been fixed. Now, since obviously Debian doesn’t include
new upstream releases in stable (3.0.14 was accepted in unstable though), I
was wondering if Iceweasel is affected by these security vulnerabilities too,
namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075,
CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).



Re: Recent Firefox Update - Iceweasel affected?

by Michael Gilbert

On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
> Hi,
>
> In the recently published Firefox update (3.0.14), several security
> vulnerabilities have been fixed. Now, since obviously Debian doesn’t include
> new upstream releases in stable (3.0.14 was accepted in unstable though), I
> was wondering if Iceweasel is affected by these security vulnerabilities too,
> namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075,
> CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).

hi,

yes, lenny's iceweasel is indeed affected by these issues.  the security
team is in the process of preparing updates to lenny's xulrunner-1.9
packages for this (debian's iceweasel packages are made to use the
xulrunner library, so that is the only part that needs to be updated).
this will happen sometime soon, but someone else on the team will need
to speak on when.

mike


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: Recent Firefox Update - Iceweasel affected?

by Mike Hommey

On Sun, Sep 13, 2009 at 03:33:07PM -0400, Michael S Gilbert wrote:

> On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
> > Hi,
> >
> > In the recently published Firefox update (3.0.14), several security
> > vulnerabilities have been fixed. Now, since obviously Debian doesn’t include
> > new upstream releases in stable (3.0.14 was accepted in unstable though), I
> > was wondering if Iceweasel is affected by these security vulnerabilities too,
> > namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075,
> > CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).
>
> hi,
>
> yes, lenny's iceweasel is indeed affected by these issues.  the security
> team is in the process of preparing updates to lenny's xulrunner-1.9
> packages for this (debian's iceweasel packages are made to use the
> xulrunner library, so that is the only part that needs to be updated).

There is actually one of the CVEs that is iceweasel-only and needs an
iceweasel change (The feedwriter one, IIRC CVE-2009-3079). The xulrunner
update will fix the remaining ones.

> this will happen sometime soon, but someone else on the team will need
> to speak on when.

The packages are ready, they need to be built on all architectures and
to be tested.

Cheers,

Mike




Re: Recent Firefox Update - Iceweasel affected?

by Moritz Muehlenhoff

On 2009-09-13, Mike Hommey <mh@...> wrote:

> On Sun, Sep 13, 2009 at 03:33:07PM -0400, Michael S Gilbert wrote:
>> On Sun, 13 Sep 2009 21:06:59 +0200 Pascal Stumpf wrote:
>> > Hi,
>> >
>> > In the recently published Firefox update (3.0.14), several security
>> > vulnerabilities have been fixed. Now, since obviously Debian doesn’t include
>> > new upstream releases in stable (3.0.14 was accepted in unstable though), I
>> > was wondering if Iceweasel is affected by these security vulnerabilities too,
>> > namely: CVE-2009-3070, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075,
>> > CVE-2009-3077 and CVE-2009-3079 (MSFA 2009-51, 49 and 47).
>>
>> hi,
>>
>> yes, lenny's iceweasel is indeed affected by these issues.  the security
>> team is in the process of preparing updates to lenny's xulrunner-1.9
>> packages for this (debian's iceweasel packages are made to use the
>> xulrunner library, so that is the only part that needs to be updated).
>
> There is actually one of the CVEs that is iceweasel-only and needs an
> iceweasel change (The feedwriter one, IIRC CVE-2009-3079). The xulrunner
> update will fix the remaining ones.
>
>> this will happen sometime soon, but someone else on the team will need
>> to speak on when.
>
> The packages are ready, they need to be built on all architectures and
> to be tested.

Almost done, they will be released tomorrow.

Cheers,
        Moritz

