Re: Transition of Icedove 24.2.0 to testing

2014-02-10 Thread Christoph Goehre
Hello,

On Sun, Feb 09, 2014 at 02:11:21AM -0500, Filipus Klutiero wrote:
> There is no particular issue with migrating icedove to testing. Are
> you saying you intend to upload icedove 24 to wheezy?

not directly to wheezy; we'll use stable-security to push icedove 24 to
wheezy. This is the same way we do it with icedove 17.

> The question is whether icedove 24.2.0-1 is better than 17.0.10-1.
> What security issues in 17.0.10 does 24.2.0 fix? If the team considers
> that 24.2.0 is better than 17.0.10, you can request the release team
> to force it by filing a ticket against release.debian.org.

Icedove 17 is EOL (same as Icedove 10 shortly after the release of wheezy)
and Mozilla is only providing updates for Icedove 24. Almost all fixed
bugs are in libxul and it's too hard to backport the security fixes from
there (same problem with iceweasel).

Icedove 17.0.11 ships almost the same security fixes as icedove 24.1.
But from there on we 'missed' the following:

 MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
 MFSA 2013-108 Use-after-free in event listeners
 MFSA 2013-109 Use-after-free during Table Editing
 MFSA 2013-111 Segmentation violation when replacing ordered list elements
 MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
 MFSA 2013-114 Use-after-free in synthetic mouse movement
 MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
 MFSA 2013-116 JPEG information leak
 MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
 MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
 MFSA 2014-02 Clone protected content with XBL scopes
 MFSA 2014-04 Incorrect use of discarded images by RasterImage
 MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
 MFSA 2014-09 Cross-origin information leak through web workers
 MFSA 2014-12 NSS ticket handling issues
 MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects

Most of these security problems are probably in icedove 17.

Cheers,
Christoph




Re: Transition of Icedove 24.2.0 to testing

2014-02-03 Thread Carsten Schoenert
tags 735234 pending
thanks

Hello Julien,

On 02.02.2014 14:52, Julien Cristau wrote:
> That version has two RC bugs.  What's with that?

one of them [1] contains included minimized JS source. Christoph fixed
this in one of the commits [2] after the version 24.2.0.
I add the pending state to the bug as well with this mail.

The other problem around mozilla-gnome-keyring [3] needs a deeper look
why this happens. I'm not using mozilla-gnome-keyring so I can't really
help here. Guido, Christoph and myself already talked about this issue, but
Christoph and Guido didn't have enough time to get the reason for the
behavior. Ximin wasn't able to add a log with debugging symbols, so we
have to readjust it first.

Hopefully we will find some time next week to catch the error. In the end
there is also another RC bug report [4] (to be honest) that relies on the
same issue.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735234
[2] http://anonscm.debian.org/gitweb/?p=pkg-mozilla/icedove.git;a=commit;h=f4e6c0854b8f687a7bc6af39bf3395444bddf333
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732652
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724688

-- 
Regards
Carsten





Re: Transition of Icedove 24.2.0 to testing

2014-02-02 Thread Julien Cristau
On Sun, Feb  2, 2014 at 01:00:11 +0100, Carsten Schoenert wrote:

> Hello release team,
>
> as Mike asked a few days before for Iceweasel, would it be possible to
> force the transition of the current Icedove version 24.2.0 from unstable
> to testing before Christoph will prepare the package for stable-security?

That version has two RC bugs.  What's with that?

Cheers,
Julien




Transition of Icedove 24.2.0 to testing

2014-02-01 Thread Carsten Schoenert
Hello release team,

as Mike asked a few days before for Iceweasel, would it be possible to
force the transition of the current Icedove version 24.2.0 from unstable
to testing before Christoph will prepare the package for stable-security?

I'm currently able to build a version for Wheezy but it needs a little
bit further tests before it can be uploaded by Christoph.

-- 
Regards
Carsten


