On Sun, Apr 04, 2010 at 05:52:13PM -0400, Michael Gilbert wrote: > package: iceweasel > severity: important > version: 3.0.6-3 > tags: security > > hi, iceweasel in lenny is still vulnerable to an address bar spoofing > vulnerability, that was fixed in an MFSA a while back. this is > probably not worth fixing on its own, but if there are other pending > security backports, it would be useful to fix it. see: > > https://bugzilla.mozilla.org/show_bug.cgi?id=452979 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777
Damn. Here is what I wrote in October, with Moritz's answer following: >> Now, wondering on http://security-tracker.debian.org/ I saw that I >> forgot CVE-2009-0777 :( It was fixed on 3.0.7-1 in unstable, but maybe >> it was decided to keep it for later, in which case we just forgot it, >> later... a bit like #512111. >> >> Maybe we should do an iceweasel security update for this one... (it's >> a >> browser issue, not a xulrunner one) > > Hmm, we indeed missed it. But since it's a low severity issue let's > postpone > it for the next round of issues affecting Iceweasel. Unfortunately, there hasn't been a next round of issues affecting Iceweasel only. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
