• # Ah bon ...

    Posté par (site web personnel) . En réponse au journal Iceweasel dangereux pour les utilisateurs de debian etch?. Évalué à 10.

    Parce que quand je vois ça, je ne vois pas où est le problème :

    /usr/share/doc/iceweasel$ zcat changelog.Debian.gz |head -n 22
    iceweasel (2.0.0.4-0etch1) stable-security; urgency=critical

    * new upstream security/stability update (Closes: LP#117990)
    * MFSA2007-17 aka CVE-2007-2871: XUL Popup Spoofing
    * MFSA2007-16 aka CVE-2007-2870: XSS using addEventListener
    * MFSA2007-14 aka CVE-2007-1362: Path Abuse in Cookies
    * MFSA2007-13 aka CVE-2007-2869: Persistent Autocomplete Denial of Service
    * MFSA2007-12 aka CVE-2007-2867 (layout engine) + CVE-2007-2868
    (javascript engine): Crashes with evidence of memory corruption
    * uriloader/exthandler/unix/nsOSHelperAppService.cpp,
    uriloader/exthandler/Makefile.in,
    uriloader/exthandler/unix/nsGNOMERegistry.cpp,
    uriloader/exthandler/unix/nsGNOMERegistry.h,
    uriloader/exthandler/unix/nsMIMEInfoUnix.cpp,
    uriloader/exthandler/unix/nsMIMEInfoUnix.h: adapted patch for
    bz273524 and drop obsolete parts in response of upstream checkin
    for bz373955.
    * configure.in, configure: backout gcc visibility bug fixes which have
    been applied upstream; update configure accordingly

    -- Alexander Sack <asac@debian.org> Thu, 7 Jun 2007 01:11:22 +0200


    enfin si ... 7 juin, mais bon.