-------- Forwarded Message --------
Since the last GNU IceCat release, there have been 12 security
advisories from Mozilla addressing 18 CVEs and associated releases of
Firefox ESR 38.1.1 (on August 6) and ESR 38.2 (yesterday).
CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4478,
CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482,
CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492,
There have been no new releases on the ESR 31 branch, so I guess that
Mozilla is no longer supporting it, or at least not in a timely fashion.
We are therefore in urgent need of either:
1. GNU IceCat 38.2.
2. Backports of these fixes to GNU IceCat 31.8.
I've already backported the fix for CVE-2015-4495, which was included in
Firefox ESR 38.1.1, here:
Now I'm faced with the prospect of backporting a large pile of fixes,
several of which are labelled "critical", from Firefox 38 to 31, or else
running a browser with published remote execution vulnerabilities for
some unknown number of days. This is not good.
So, when can we expect GNU IceCat 38.2 to be released?