[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] Unpatched security flaws in IceCat

From: mhw
Subject: Re: [Bug-gnuzilla] Unpatched security flaws in IceCat
Date: Thu, 13 Aug 2015 15:30:21 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Rubén Rodríguez <address@hidden> writes:

>>   1. GNU IceCat 38.2.
> I'm working on that, I have a mostly usable version already and it needs
> some final polishing. I wanted to delay the release until I could bring
> a series of new features in, but given how security patching is being
> handled upstream I'll just release with no newer features and add them
> in the future.

Yes, I think it's important to release ASAP.

> I'll make a test build and post it to the list so volunteers can help
> list the things to be polished.

Sounds good, thanks!

>>   2. Backports of these fixes to GNU IceCat 31.8.
>> I've already backported the fix for CVE-2015-4495, which was included in
>> Firefox ESR 38.1.1, here:
>> http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/icecat-CVE-2015-4495.patch
> Since I understand this is the most important security bug in the list,
> I'll make a 31.8.0-gnu2 release with this patch.

If you're going to do that, you might as well also include the other
fixes I was able to backport:


Note that the above commit did not add the fix for CVE-2015-4495, since
I had already done that in an earlier commit.  It also doesn't include
fixes for the bundled libvpx, since in GNU Guix we use a newer external
copy of libvpx instead.

    Thank you!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]