Hi, As I started to work on next round of mozilla security updates, I found out that CVE-2010-1206 doesn't apply to 3.0.x and earlier, because the faulty code was introduced in 3.1b1 by https://bugzilla.mozilla.org/show_bug.cgi?id=254714 Also, the vulnerable package is not xulrunner, in this case, but iceweasel. Versions in etch and lenny are not affected.
Mike -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100719164521.ga11...@glandium.org