bug-gnuzilla
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] Unpatched security flaws in IceCat

From: Mark H Weaver
Subject: Re: [Bug-gnuzilla] Unpatched security flaws in IceCat
Date: Fri, 13 Nov 2015 14:26:03 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) 
David Hedlund <address@hidden> writes:

> Have this been fixed in IceCat 38.3.0?
>
> -------- Forwarded Message -------- 
>
>  From:                         Mark H Weaver <address@hidden>        
>  To:                           bug-gnuzilla <address@hidden>   
>  Date:                         Wed, 12 Aug 2015 12:48:13 -0400       
>  Subject:                      [Bug-gnuzilla] Unpatched security     
>                                flaws in IceCat                       
>
> Since the last GNU IceCat release, there have been 12 security
> advisories from Mozilla addressing 18 CVEs and associated releases of
> Firefox ESR 38.1.1 (on August 6) and ESR 38.2 (yesterday).
>
>   https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
>
>   CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4478,
>   CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482,
>   CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,
>   CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492,
>   CVE-2015-4493, CVE-2015-4495

Yes, IceCat 38.3.0 should address the vulnerabilities listed above.

However, now there is another batch of security updates in upstream
Firefox 38.4.0, released on November 3, and we are still waiting for the
associated IceCat 38.4.0 update.  For details, see:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/

     Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]