SeaMonkey 1.1.3 and CVE-2007-3845
Todd Zullinger
tmz at pobox.com
Wed Oct 3 23:05:40 UTC 2007
Michael C wrote:
> I've just installed Fedora 7 and downloaded Seamonkey, only to find that
> the repositories still contain version 1.1.3. This is subject to a
> critical, cross-platform vulnerability
> (https://bugzilla.mozilla.org/show_bug.cgi?id=389106) fixed as of
> version 1.1.4, released on August 3.
>
> What's the most appropriate means of requesting an update?
bugzilla.redhat.com is the way to make the issue known. Looking at
the fedora-security audit for F7, it seems that this is already known
but marked as windows specific.
http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc7?root=fedora&view=markup
CVE-2007-3845 ignore (firefox) windows specific
If you know this isn't the case, please file a bug report. Include
the CVE number and any references that show this affects packages as
shipped in Fedora.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A great many people think they are thinking when they are merely
rearranging their prejudices.
-- William James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20071003/e9cd22a1/attachment-0001.sig>
More information about the fedora-list
mailing list