Re: [Tails-dev] What to do with Firefox 17.0.11ESR?

Nachricht löschen

Nachricht beantworten
Autor: winterfairy
Datum:  
To: tails-dev
Betreff: Re: [Tails-dev] What to do with Firefox 17.0.11ESR?
intrigeri wrote:
> it's getting that obvious nobody has time to manage an interim
> release, so we should put out a security advisory. The least we can do
> is to tell users what the risks are.


It sounds like only NSS (libnss) have to be updated [1].
Is it unlikely that Debian will update the NSS backport with this security
update?

Because if it was updated, the user would only need to run a simple apt or
dpkg command, right?

By the way, it seems that we are currently running an outdated vulnerable
libnss version anyway, because it is installed from backports and not
updated there. Version 3.14.4 also fixed a security issue [2], and
backports has an unpatched [3] version 3.14.3.

[1] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
[2] https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes
[3]
http://ftp.us.debian.org/debian-backports/pool/main/n/nss/nss_3.14.3-1~bpo60%2b1.debian.tar.gz