Package: xulrunner Version: 1.9.1.1-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xulrunner.
CVE-2009-2663[0]: | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and | 3.5.x before 3.5.2 and other products, allows context-dependent | attackers to cause a denial of service (memory corruption and | application crash) or possibly execute arbitrary code via a crafted | .ogg file. This does not affect versions 1.9.0.12 and earlier, so no updates are needed for the stable releases. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663 http://security-tracker.debian.net/tracker/CVE-2009-2663 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
