Bug#699888: new nss packages fixing cve-2013-1620
Michael Gilbert
mgilbert at debian.org
Sat Mar 16 20:53:00 UTC 2013
> We can consider to put it into a DSA in which the text details how to disable
> the options if they cause trouble. An alternative is to put it into spu
> instead, where it may be slightly (probably just slightly) more acceptable to
> change behaviour than in a DSA. But it will also mean having to wait a few
> months at least.
>
> Do you know if RHEL is pushing it through the security channels or the stable
> updates channels?
For what its worth, ubuntu pushed 3.14 to all of its releases through
their security update channel:
http://www.ubuntu.com/usn/usn-1763-1
It also looks like bumping nspr was also required:
http://www.ubuntu.com/usn/usn-1763-2
Do you want me to look at preparing those updates for squeeze?
In the meantime, this should really be fixed in unstable. Mike, do
you want to do a maintainer upload, or is ok if I go ahead with the
nmu?
Thanks,
Mike
More information about the pkg-mozilla-maintainers
mailing list