Summary: | net-libs/gecko-sdk: 1.7.7 might include security fixes | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Xake <kanelxake> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | josejx, mozilla |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B2? [ebuild+] koon | ||
Package list: | Runtime testing required: | --- |
Description
Xake
2005-04-24 15:10:43 UTC
It obviously depends on the security issues... Pure gecko things like buffer overflows in rendering or image loading would certainly be affected. JavaScript privilege escalations are a little less obvious... In all cases, better safe than sorry. Moz team, please bump to 1.7.7.

GeckoSDK doesn't actually contain the gecko rendering engine, it only includes the files needed to build applications that link to the engine. This includes a few programs for parsing idl files and libraries to allow XPCom linking. The 1.7.5 version in portage is already using 1.7.6 internally to fix compile problems with mozilla, but I didn't bump the version number as there wouldn't be a reason for someone to want to recompile all of mozilla for an updated version of the SDK. Unless the security issue is with LibXPCom, I don't think it's worth bumping the version number to force a recompile. If someone on the security or Mozilla team feels otherwise, I'd be happy to do it.

Then it's INVALID as a security bug. It may be reopened as a bump request assigned to maintainer, though.