From: David Hedlund
Subject: Re: [Bug-gnuzilla] Unpatched security flaws in IceCat
Date: Sat, 14 Nov 2015 17:36:07 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0

On 2015-11-14 04:56, Mark H Weaver wrote:
> David Hedlund <address@hidden> writes:
>
>> On 2015-11-13 20:26, Mark H Weaver wrote:
>>> David Hedlund <address@hidden> writes:
>>>
>>>> Has this been fixed in IceCat 38.3.0?
>>>>
>>>> -------- Forwarded Message --------
>>>> From: Mark H Weaver <address@hidden>
>>>> To: bug-gnuzilla <address@hidden>
>>>> Date: Wed, 12 Aug 2015 12:48:13 -0400
>>>> Subject: [Bug-gnuzilla] Unpatched security flaws in IceCat
>>>>
>>>> Since the last GNU IceCat release, there have been 12 security
>>>> advisories from Mozilla addressing 18 CVEs and associated releases of
>>>> Firefox ESR 38.1.1 (on August 6) and ESR 38.2 (yesterday).
>>>>
>>>> https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
>>>>
>>>> CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4478,
>>>> CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482,
>>>> CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,
>>>> CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492,
>>>> CVE-2015-4493, CVE-2015-4495
>>>
>>> Yes, IceCat 38.3.0 should address the vulnerabilities listed above.
>>>
>>> However, now there is another batch of security updates in upstream
>>> Firefox 38.4.0, released on November 3, and we are still waiting for
>>> the associated IceCat 38.4.0 update. For details, see:
>>>
>>> https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
>>>
>>> Mark
>>
>> Can you please investigate this?
>
> I'm sorry, but I don't have time. Mozilla announced that the
> vulnerabilities above were fixed in Firefox ESR 38.2.0, and given our
> lack of resources and the overwhelming complexity of the code, we have
> no practical choice but to trust them.
>
> Mark

That is all I need to know, thank you! I will remove this from my bug tracker now.