Package: iceweasel
Version: 10.0.12esr-1
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
In wheezy the current version of iceweasel is 10.0.12 ESR. I know that
according to normal debian policy this package should not receive updates other
than "security updates", however I believe that this could cause security
vulnerabilities. Firefox 10.X ESR will soon no longer be supported, and instead
17.X ESR will be supported instead. I know that the debian security team can
backport security fixes to 10.X, but as mozilla warn on their website about the
ESR version, it becomes harder to back-port security fixes as packages become
more out of date, and over three years from when 10.X is not supported to when
wheezy is not supported, there will almost certainly be some security fixes
that will not be possible to backdate - this is to some extent true even with
supported ESR (mozilla only backport "high" and "critical" fixes).
By updating to iceweasel 17.X, you will have the advantage of support for a
longer time, and software that is one year newer, making it easier to backport
more fixes. There is also quite a long time still left of quality assurance
before the release date of wheezy to deal with bugs that would be caused by
this upgrade. I know there is often a tension between stability and security,
but I think this is a special case because browser security is so important,
and other components, such as the kernel, will be receiving long term support
for most of the lifespan of wheezy anyway.
-- Package-specific info:
-- Extensions information
Name: Adblock Plus
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled
Name: Default theme
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: English (GB) Language Pack locale
Location: /usr/lib/iceweasel/extensions/langpack-en...@iceweasel.mozilla.org.xpi
Package: iceweasel-l10n-en-gb
Status: enabled
-- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/gnash/libgnashplugin.so
Package: browser-plugin-gnash
Status: enabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled
-- Addons package information
ii browser-plugin 0.8.11~git20 amd64 GNU Shockwave Flash (SWF) player
ii gnome-shell 3.4.2-6 amd64 graphical shell for the GNOME des
ii iceweasel 10.0.12esr-1 amd64 Web browser based on Firefox
ii iceweasel-l10n 1:10.0.12esr all English (United Kingdom) language
ii rhythmbox-plug 2.97-2.1 amd64 plugins for rhythmbox music playe
ii xul-ext-adbloc 2.1-1 all Advertisement blocking extension
-- System Information:
Debian Release: 7.0
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 4.3.2
ii fontconfig 2.9.0-7.1
ii libc6 2.13-37
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.33.12+really2.32.4-3
ii libgtk2.0-0 2.24.10-2
ii libnspr4 2:4.9.2-1
ii libnspr4-0d 2:4.9.2-1
ii libsqlite3-0 3.7.13-1
ii libstdc++6 4.7.2-5
ii procps 1:3.3.3-2
ii xulrunner-10.0 10.0.12esr-1
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii fonts-stix [otf-stix] 1.1.0-1
ii libgssapi-krb5-2 1.10.1+dfsg-3
pn mozplugger <none>
Versions of packages xulrunner-10.0 depends on:
ii libasound2 1.0.25-4
ii libatk1.0-0 2.4.0-2
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-37
ii libcairo2 1.12.2-2
ii libdbus-1-3 1.6.8-1
ii libdbus-glib-1-2 0.100-1
ii libevent-2.0-5 2.0.19-stable-3
ii libfontconfig1 2.9.0-7.1
ii libfreetype6 2.4.9-1.1
ii libgcc1 1:4.7.2-5
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.33.12+really2.32.4-3
ii libgtk2.0-0 2.24.10-2
ii libhunspell-1.3-0 1.3.2-4
ii libjpeg8 8d-1
ii libmozjs10d 10.0.12esr-1
ii libnotify4 0.7.5-1
ii libnspr4-0d 2:4.9.2-1
ii libnss3-1d 2:3.13.6-2
ii libpango1.0-0 1.30.0-1
ii libpixman-1-0 0.26.0-3
ii libreadline6 6.2+dfsg-0.1
ii libsqlite3-0 3.7.13-1
ii libstartup-notification0 0.12-1
ii libstdc++6 4.7.2-5
ii libvpx1 1.1.0-1
ii libx11-6 2:1.5.0-1
ii libxext6 2:1.3.1-2
ii libxrender1 1:0.9.7-1
ii libxt6 1:1.1.3-1
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages xulrunner-10.0 suggests:
ii libcanberra0 0.28-6
ii libgnomeui-0 2.24.5-2
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
