Bug#510902: Missing security updates - version 2.0.0.20 available from upstream
Package: iceweasel Version: 2.0.0.18-0etch1 Severity: critical Tags: security Security updates from Firefox 2.0.0.19 and 2.0.0.20 are still missing for Debian's Iceweasel in Etch, some of them are considered critical. http://www.mozilla.org/security/known-vulnerabilities/firefox20.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#508419: [nfs-utils] [CVE-2008-4552] TCP wrappers vulnerability
Package: nfs-kernel-server Version: 1:1.0.10-6+etch.1 Severity: grave Tags: security Quoting from CVE-2008-4552: »nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.« (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552) This has already been fixed in Ubuntu: http://www.ubuntu.com/usn/USN-687-1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#513196: [xine-lib] missing security updates
Package: xine-lib Version: 1.1.2+dfsg-7 Severity: medium Tags: security Hi, yesterday I noticed an update for xine-lib [1] on my last remaining Ubuntu system. When I checked xine-lib's state on my etch system(s), I noticed that the last security update is from quite some months ago [2] and therefore etch lacks many security updates compared to lenny [3] or Ubuntu. Please provide them for stable as soon as possible. Thank you, hk47 [1] USN-710-1: xine-lib vulnerabilities: http://www.ubuntu.com/usn/USN-710-1 [2] Debian Changelog xine-lib (1.1.2+dfsg-7) (etch): http://packages.debian.org/changelogs/pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-7/changelog [3] Debian Changelog xine-lib (1.1.14-5) (lenny): http://packages.debian.org/changelogs/pool/main/x/xine-lib/xine-lib_1.1.14-5/changelog -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#510902: Missing security updates - version 2.0.0.20 available from upstream
Hi, any news on this one? I consider Iceweasel to be a major desktop application, but the courrent version now lacks a security update since about a month. Or is Debian dropping support for the 2.0 branch of Iceweasel, like Mozilla recently did with the release of 2.0.0.20[1]? If so, I think there should be some official announcement. Have a nice day. hk47 [1] no offical announcemment at hand, so Wikipedia must be enough: http://en.wikipedia.org/wiki/Mozilla_Firefox#Release_history http://en.wikipedia.org/wiki/Mozilla_Firefox#cite_note-43 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
