On 2023-09-30 at 07:20, hede wrote:

> Hi,
>
> does anyone know why CVE-2023-5217 (critical vp8 encoder bug) is rated as an
> "open unimportant issue" for firefox-esr? Currently it is not fixed in
> bookworm and newer [1]. Mozilla itself rates it as "critical" [2].
>
> [1] https://security-tracker.debian.org/tracker/source-package/firefox-esr

When I follow the link to [3], and look at the bottom of the page, I see what looks to me like an explanation:

>> src:firefox, src:firefox-esr and src:thunderbird use the system
>> libvpx starting in bookworm and above. For older releases still
>> needs the fixes in src:firefox-esr and src:thunderbird.

[3] https://security-tracker.debian.org/tracker/CVE-2023-5217

-- 
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw