mh at glandium.org
Fri May 11 07:10:24 UTC 2012
On Thu, May 10, 2012 at 08:34:21PM +0100, Steven Chamberlain wrote:
> Hi Mike,
> Are we sure that iceweasel 3.5.x needed this security fix in the first
> place? Any ideas which issue bug #732951 referred to and if it was
> exploitable here?
> The CVE's only refer to versions 4.x through 11.x (I guess because those
> are the maintained ones, though).
So, after a more thorough analysis, it turns out while the bug addressed
in that CVE exists in 3.5, it has less dramatic consequences. It will
"only" lead to a SEGV_ACCERR segmentation fault, instead of doing a
I'll thus back this patch out and upload a fixed version.
More information about the pkg-mozilla-maintainers