From mboxrd@z Thu Jan  1 00:00:00 1970
From: ng0 <ng0@we.make.ritual.n0.is>
Subject: Re: Unpatched security flaws in GNU IceCat 38
Date: Thu, 04 Aug 2016 12:43:23 +0000
Message-ID: <87shukbt78.fsf@we.make.ritual.n0.is>
References: <87lh0dz106.fsf@netris.org>
	<idjmvkssxib.fsf@bimsb-sys02.mdc-berlin.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45186)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ng0@we.make.ritual.n0.is>) id 1bVHzq-0003JH-7m
	for guix-devel@gnu.org; Thu, 04 Aug 2016 08:43:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ng0@we.make.ritual.n0.is>) id 1bVHzn-0002Pv-TJ
	for guix-devel@gnu.org; Thu, 04 Aug 2016 08:43:33 -0400
Received: from mithlond.libertad.in-berlin.de ([2001:67c:1400:2490::1]:53981
	helo=beleriand.n0.is) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ng0@we.make.ritual.n0.is>) id 1bVHzn-0002Pf-FP
	for guix-devel@gnu.org; Thu, 04 Aug 2016 08:43:31 -0400
Received: by beleriand.n0.is (OpenSMTPD) with ESMTPSA id 9b37e286
	TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO for <guix-devel@gnu.org>;
	Thu, 4 Aug 2016 12:43:29 +0000 (UTC)
In-Reply-To: <idjmvkssxib.fsf@bimsb-sys02.mdc-berlin.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org

Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> writes:

> Mark H Weaver <mhw@netris.org> writes:
>
>> I'm sorry to report that GNU IceCat 38 can no longer be safely used, due
>> to critical security flaws that are believed to allow remote code
>> execution.  I was unable to backport upstream fixes from 45.3 to 38.
>>
>> Until IceCat 45.3 is available, I recommend that you use Epiphany.
>
> Thanks, Mark, for the heads-up.
>
> Since our package for Conkeror also uses IceCat under the hood I suppose
> our version of Conkeror also cannot be safely used at this point.
>
> ~~ Ricardo

This is bad news.

Should we consider the efforts and get torbrowser packaged as I wrote
about in the torbrowser thread, which is now at 45.3.0 with release
torbrowser-6.0.3 to have at least one 45.3x firefox based browser?
-- 
♥Ⓐ  ng0
Current Keys: https://we.make.ritual.n0.is/ng0.txt
For non-prism friendly talk find me on http://www.psyced.org