SeaMonkey 1.1.3 and CVE-2007-3845
Michael C
sieverfrisch at yahoo.ie
Thu Oct 4 00:15:42 UTC 2007
Todd Zullinger wrote:
> Michael C wrote:
>> I've just installed Fedora 7 and downloaded Seamonkey, only to find that
>> the repositories still contain version 1.1.3. This is subject to a
>> critical, cross-platform vulnerability
>> (https://bugzilla.mozilla.org/show_bug.cgi?id=389106) fixed as of
>> version 1.1.4, released on August 3.
>>
>> What's the most appropriate means of requesting an update?
>
> bugzilla.redhat.com is the way to make the issue known. Looking at
> the fedora-security audit for F7, it seems that this is already known
> but marked as windows specific.
>
>
http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc7?root=fedora&view=markup
>
> CVE-2007-3845 ignore (firefox) windows specific
>
> If you know this isn't the case, please file a bug report. Include
> the CVE number and any references that show this affects packages as
> shipped in Fedora.
>
Thanks. Re the corresponding vulnerability in Firefox 2.0.0.5, Fedora
seems to have taken the same view as openSUSE, whilst Ubuntu, Debian and
Slackware provided patches.
More information about the fedora-list
mailing list