Fedora Users — Re: SeaMonkey 1.1.3 and CVE-2007-3845

Re: SeaMonkey 1.1.3 and CVE-2007-3845

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: fedora-list <fedora-list@xxxxxxxxxx>

Subject: Re: SeaMonkey 1.1.3 and CVE-2007-3845

From: Michael C <sieverfrisch@xxxxxxxx>

Date: Thu, 04 Oct 2007 01:15:42 +0100

In-reply-to: <20071003230540.GC10067@xxxxxxxxxxxxxxxxxxxxxxxxx>

References: <47041325.2070004@xxxxxxxx> <20071003230540.GC10067@xxxxxxxxxxxxxxxxxxxxxxxxx>

Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>

User-agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.5) Gecko/20070727 Fedora/1.1.3-2.fc7 SeaMonkey/1.1.3

Todd Zullinger wrote:

Michael C wrote:

I've just installed Fedora 7 and downloaded Seamonkey, only to find that
the repositories still contain version 1.1.3. This is subject to a
critical, cross-platform vulnerability
(https://bugzilla.mozilla.org/show_bug.cgi?id=389106) fixed as of
version 1.1.4, released on August 3.

What's the most appropriate means of requesting an update?


bugzilla.redhat.com is the way to make the issue known.  Looking at
the fedora-security audit for F7, it seems that this is already known
but marked as windows specific.

http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc7?root=fedora&view=markup


CVE-2007-3845 ignore (firefox) windows specific

If you know this isn't the case, please file a bug report.  Include
the CVE number and any references that show this affects packages as
shipped in Fedora.


Thanks. Re the corresponding vulnerability in Firefox 2.0.0.5, Fedora
seems to have taken the same view as openSUSE, whilst Ubuntu, Debian and
Slackware provided patches.