Rubén Rodríguez <[email protected]> writes: >> 1. GNU IceCat 38.2. > > I'm working on that, I have a mostly usable version already and it needs > some final polishing. I wanted to delay the release until I could bring > a series of new features in, but given how security patching is being > handled upstream I'll just release with no newer features and add them > in the future.
Yes, I think it's important to release ASAP. > I'll make a test build and post it to the list so volunteers can help > list the things to be polished. Sounds good, thanks! >> 2. Backports of these fixes to GNU IceCat 31.8. >> >> I've already backported the fix for CVE-2015-4495, which was included in >> Firefox ESR 38.1.1, here: >> >> >> http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/icecat-CVE-2015-4495.patch > > Since I understand this is the most important security bug in the list, > I'll make a 31.8.0-gnu2 release with this patch. If you're going to do that, you might as well also include the other fixes I was able to backport: http://git.savannah.gnu.org/cgit/guix.git/commit/?id=c037a0f7ce79d8d67e08694ae20e407b1280d84e Note that the above commit did not add the fix for CVE-2015-4495, since I had already done that in an earlier commit. It also doesn't include fixes for the bundled libvpx, since in GNU Guix we use a newer external copy of libvpx instead. Thank you! Mark -- http://gnuzilla.gnu.org
