Bug#542784: New upstream version available (2.0.0.23)

Alexander Sack asac at debian.org
Fri Aug 21 18:10:02 UTC 2009


On Fri, Aug 21, 2009 at 08:03:36PM +0200, Mike Hommey wrote:
> On Fri, Aug 21, 2009 at 01:25:23PM +0200, Alexander Sack wrote:
> > reassign 542784 nss
> > thanks
> > 
> > That bug needs to be fixed in nss (with more fixes because of
> > blackhat); we updated nss to 3.12.3.1 in ubuntu everywhere as we
> > believe that it's better to not do manual-cherry-picking for security
> > sensitive software like nss.
> > 
> > I would suggest the same for debian, but I am not nss maintainer
> > so that's beyond my powers ...
> 
> Technically, as you are part of the team, you also are a nss
> maintainer.

cool :).

> 
> > if glandium or security team wants me to prepare such an update, I
> > could do that after my vacation (will be back on 1st sep).
> 
> FWIW, the changes between 3.12.3 which we already have in squeeze and
> 3.12.3.1 are:
> - Additional root certs
> - Fix for Windows startup time (the infamous IE temporary files reading
>   stuff)
> - Removal of the CAPI module from the build
> - Avoid calling RNG_SystemInfoForRNG twice at startup
> 
> In other words, squeeze is already ok.
> 
> As for Lenny, the security team is on it.


My suggestion to do a full upstream bump was for lenny.

New upstream versions are normal for this kind of stuff in
unstable/testing, so I thought it was not noteworthy.

Is the security team following that road?

 - Alexander






More information about the pkg-mozilla-maintainers mailing list