CVE id CAN-2005-2354 has been assigned for this security issue, with the rationalle that the essential hole is that nvu contains a duplicate copy of a library instead of linking to a version that is security maintained.
Please refer in the changelog to that CVE id if you fix the bug by making it link to mozilla's xpcom. If you just pull in a new security fixed xpcom, please instead refer to the CVE ids of the mozilla security holes that it fixes, if possible. Thanks. -- see shy jo
signature.asc
Description: Digital signature
