Bug#561749: iceape: embeds xulrunner
Mike Hommey
mh at glandium.org
Sun Dec 20 08:07:04 UTC 2009
forwarded 561749 https://bugzilla.mozilla.org/show_bug.cgi?id=394502
tag 561749 + upstream
thanks
On Sat, Dec 19, 2009 at 05:36:49PM -0500, Michael Gilbert wrote:
> package: iceape
> version: 2.0.1-1
> severity: important
> tags: security
>
> Hi,
>
> Your package embeds source code from xulrunner, which makes
> security updates very cumbersome, difficult, and potentially
> error-prone. Please update your package to make use of the
> shared library. Thank you for your attention on this matter.
This is known, and not possible (yet). Likewise for icedove.
The main difference with the situation in lenny is that the mozilla/
directory in iceape and upcoming icedove 3 sources are the same as the
xulrunner-1.9.1 source, which will make updates easier.
This is the main reason why I'm seriously considering shipping iceweasel
3.5.x with squeeze instead of 3.6.x.
Mike
More information about the pkg-mozilla-maintainers
mailing list