Re: Backports needed for Firefox/Thunderbird ESR 78 in Buster/Stretch

On Tue, Sep 01, 2020 at 07:17:29PM +0200, Moritz Muehlenhoff wrote: > On Tue, Sep 01, 2020 at 04:35:42PM +0200, Emilio Pozuelo Monfort wrote: > > On 01/09/2020 14:05, Christoph Martin wrote: > > > Hi, > > > > > > I am not shure if I can help, but I can try and have a look at it. > > > > > > Yes

Re: Wheezy update of nss?

On Tue, Nov 22, 2016 at 07:10:02AM +0100, Salvatore Bonaccorso wrote: > On Mon, Nov 21, 2016 at 11:26:29PM +0100, Ola Lundqvist wrote: > > On 21 November 2016 at 23:23, Mike Hommey <m...@glandium.org> wrote: > > > > > You probably want the security team here, they ta

Re: Wheezy update of nss?

You probably want the security team here, they take care of NSS in jessie. On Mon, Nov 21, 2016 at 10:31:35PM +0100, Ola Lundqvist wrote: > Hello dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of nss: >

Re: Regression problem, call for advice Re: Call for advice and testing of nss (and nspr) and intention to upload correction

On Fri, Nov 04, 2016 at 01:17:36PM +0100, Ola Lundqvist wrote: > Hi all > > I have now analyzed the problem and the problem is that libfreebl3.so have > been split into a libfreebl3.so that is pre-loaded and a libfreeblpriv3.so > that is dynamically loaded by libfreebl3.so. This works well in

Re: Regression problem, call for advice Re: Call for advice and testing of nss (and nspr) and intention to upload correction

On Tue, Nov 01, 2016 at 11:37:29PM +0100, Ola Lundqvist wrote: > Hi Ben, Balint and others > > I'd like to have some advice on this regression. > > 1) Is this worth investigating? > - Chrome is not supported, however we have now made it to crash. Ben > obviously like that but maybe others do

Re: Wheezy update of firefox-esr?

On Sun, Sep 25, 2016 at 01:08:55AM +0200, Bálint Réczey wrote: > Hi, > > 2016-09-24 15:34 GMT+02:00 Balint Reczey <bal...@balintreczey.hu>: > > Hi, > > > > On 09/24/2016 12:51 AM, Mike Hommey wrote: > >> On Fri, Sep 23, 2016 at 07:57:45PM +0200, Bálint R

Re: CVE-2016-2839 / Firefox-ESR

On Wed, Aug 17, 2016 at 09:00:30AM +0100, Chris Lamb wrote: > Hi Brian, > > > 45.3.0esr-1~deb7u1 in wheezy is vulnerable. > > 45.3.0esr-1~deb8u1 in jessie is vulnerable. > > 45.3.0esr-1 in sid and stretch is not vulnerable. > > > > Which makes me wonder if Wheezy and Jessie versions have been

Re: Security update of firefox-esr for Wheezy

On Thu, Aug 04, 2016 at 11:04:47AM +0200, Markus Koschany wrote: > Hello Mike, > > Thank you for preparing the security update of firefox-esr. I have just > sent a security announcement for your update in Wheezy to the > debian-lts-announce mailing list. If you want to take care of this next >

Accepted firefox-esr 45.3.0esr-1~deb7u1 (source all amd64) into oldstable

: oldstable-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintain...@lists.alioth.debian.org> Changed-By: Mike Hommey <gland...@debian.org> Description: firefox-esr - Mozilla Firefox web browser - Extended Support Release (ESR) fir

Re: Iceweasel 45 for Wheezy-LTS

On Fri, May 27, 2016 at 08:59:53AM +0200, Guido Günther wrote: > Hi Mike, > On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote: > > On Sun, May 22, 2016 at 07:34:29PM +0200, Guido Günther wrote: > > > Hi Mike, > > > I'm currently looking into building icedo

Re: Iceweasel 45 for Wheezy-LTS

On Sun, May 22, 2016 at 07:34:29PM +0200, Guido Günther wrote: > Hi Mike, > I'm currently looking into building icedove 45 for Wheezy-LTS. I wonder > if I should do the same for Iceweasel or if you intend to keep > maintaining Iceweasel in LTS yourself? I don't know yet. The last message in bug

Re: Unsupported packages for Wheezy LTS

On Thu, Nov 05, 2015 at 08:43:38AM +0100, Moritz Muehlenhoff wrote: > On Thu, Nov 05, 2015 at 06:47:03AM +0900, Mike Hommey wrote: > > First and foremost, while GCC 4.7 is the current > > minimum version supported, it's likely to become GCC 4.8 in the near > > future, because

Re: Using the same nss in all suites

On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote: > * Mike Hommey: > > > On ABI stability, both NSPR and NSS have a very strict policy. NSPR > > receives very few ABI changes, and it's only adding new functions. NSS > > has much more ABI changes, but also o

Re: Unsupported packages for Wheezy LTS

On Wed, Nov 04, 2015 at 05:44:36PM +0100, Raphael Hertzog wrote: > [ Many people are on copy, please trim the list as appropriate when you reply > ] > > On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote: > > These need to be discussed, since they will be a significant > > time drain (e.g. are they

Re: Using the same nss in all suites

On Thu, Nov 05, 2015 at 08:25:47AM +0100, Guido Günther wrote: > Hi, > > Backporting fixes for nss can become a challenge over time due to: > > * Bugs related to MFAs (often containing test cases) being restricted so > one can only look at hg and try to find all the relevant commits. > > *

Re: squeeze update of nss?

On Sun, Nov 01, 2015 at 02:48:38PM +0100, Guido Günther wrote: > Hello dear maintainer, > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of nss: > https://security-tracker.debian.org/tracker/CVE-2015-4000 > > Would you like to take