From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Gerwitz <mtg@gnu.org>
Subject: Re: Unpatched security flaws in GNU IceCat 38
Date: Wed, 03 Aug 2016 23:52:00 -0400
Message-ID: <87wpjxdwdb.fsf@gnu.org>
References: <87lh0dz106.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44664)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <mtg@gnu.org>)
	id 1bV9mx-0004fx-5f
	for guix-devel@gnu.org; Wed, 03 Aug 2016 23:57:44 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mtg@gnu.org>) id 1bV9mu-00035W-Nk
	for guix-devel@gnu.org; Wed, 03 Aug 2016 23:57:42 -0400
In-Reply-To: <87lh0dz106.fsf@netris.org> (Mark H. Weaver's message of "Wed, 03
	Aug 2016 23:06:17 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Mark:

On Wed, Aug 03, 2016 at 23:06:17 -0400, Mark H Weaver wrote:
> I'm sorry to report that GNU IceCat 38 can no longer be safely used, due
> to critical security flaws that are believed to allow remote code
> execution.  I was unable to backport upstream fixes from 45.3 to 38.
>
> Until IceCat 45.3 is available, I recommend that you use Epiphany.

Could you elaborate?  I assume you're referencing this:

  https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/=
#firefoxesr45.2

Are you going to be publishing an announcement about this?  Sorry if I
missed it; gnu.org/s/icecat doesn't mention anything.

=2D-=20
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
https://mikegerwitz.com       | GPG Key ID: 0x8EE30EAB

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXor0eAAoJEPIruBWO4w6rs0EQAJUXxnaomlE519J/NWgxgK8K
BYOCqBS+AvTH7Lr6lAnPKhgHZ6BkyzpBQSz8MqcGdFQrPOOERNM5EIIpFxX1CZWT
gEsyoJpc2wrgszkdb0wD4X+Nb7lCz+6f/9VIHEi15DMvib+9vsQSeB6Yu9JyfFLB
eUwzKdv9BkbojYQezGP+IPjqAKMcz27xlSFXNozf4Hl01RC7qXSRIIageOb+76rS
8nLmE+0OgbcVNaSzIus4WOmqiLfq31fzsLf879EbG1j9CEt9Z6sVXEQ3mUZFAmpU
Kmcg80rxHLq5Clpjn+X7n1LuVe1/IazfMIJ0yZAtvgv4nbbW+yFbqKA/u/RFFt+s
d7n2m90Ar5Hs2EoMIxTizVZT91YGJrwPCPdqUBexQrWFvRjsXyShId7pmFAIwKD7
AbmqWZVffSdfc1caQ+h+7GAj+o0jGWSeyQXm44Px1GK3JCxB057w0amK7U73Hmv1
IChzNhc02C65gGyUVODibFQKQezaxNTnCZ5zP6eD/i714BMYBLEiT1GXNCekLQhl
6Q4kz4FwsfKd34SvPG9OjN9dLHtecnBR0f50iixst3Y++7Dxg8VstUE/kd/NXi2B
CyIuN+6Jo9OyoyRSyNzsVfwFpEHh0CSh4kCBiEwG566RJ1zHtwgYRXJ7TDEUGihj
RLdJci7QObd5p/F9p6Gt
=4RE9
-----END PGP SIGNATURE-----
--=-=-=--