Hello all, I'm running Etch, and use Iceweasel. I'm concerned about this security advisory. It says that the Etch release notes said that the Mozilla products would have to be stopped prior to the end of the Etch support period. I don't see this.
In fact, the Lenny release notes only mention the possibility of the need to stop support at some time in the future, they make no mention of it having happened. I've copied in the relavent section from the release note below. Debian Security Advisory DSA-1751-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 22, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : xulrunner Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: <snip> For the stable distribution (lenny), these problems have been fixed in version 1.9.0.7-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution (sid), these problems have been fixed in version 1.9.0.7-1. We recommend that you upgrade your xulrunner packages. Upgrade instructions - -------------------- <snip> --- Here's the Lenny release note section: 5.6.??Security status of Mozilla products The Mozilla programs firefox, thunderbird, and sunbird (rebranded in Debian to iceweasel, icedove, and iceowl, respectively), are important tools for many users. Unfortunately the upstream security policy is to urge users to update to new upstream versions, which conflicts with Debian's policy of not shipping ?????? large functional changes in security updates. We cannot predict it today, but during the lifetime of lenny the Debian Security Team may come to a point where supporting Mozilla products is no longer feasible and announce the end of security support for Mozilla products. You should take this into account when deploying Mozilla and consider alternatives available in Debian if the absence of security support would pose a problem for you. iceape, the unbranded version of the seamonkey internet suite has ?????? been removed from lenny (with the exception of a few internal library packages). Did anyone hear that Iceweasel has stopped getting security updates in Etch? Doug. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
