heise.de sports mozilla bumping FF and TB (not sure about SM) to 22.214.171.124 WRT security fixes. There's nothing on the site as of now, so this is just a placeholder/reminder for us.
*** Bug 147635 has been marked as a duplicate of this bug. ***
Details on the new releases:
There's also a new Seamonkey (1.0.5) with nearly the same list of fixes.
Thanks for the info; enough in there to get the machine rollling IMHO.
Ok, folks, let's once again share the excitement of brushing up Mozilla!
... o_O ...
After last time's chaos I'm turning this into a tracker, please see the three separate bugs for individual products.
Thanks in advance!
*** Bug 147648 has been marked as a duplicate of this bug. ***
[15:32] <gustavoz> jaervosz: on a side note if they bump nspr/nss to stable it would be good to do ff/tb at the same time since it usually breaks ABI
[15:33] <gustavoz> so if you upgrade nspr/nss after building ff it breaks
Updating to include dev-libs/spr and dev-libs/nss.
OpenOffice includes nss, nspr and several other Mozilla libraries...
(In reply to comment #6)
> [15:32] <gustavoz> jaervosz: on a side note if they bump nspr/nss to stable it
> would be good to do ff/tb at the same time since it usually breaks ABI
> [15:33] <gustavoz> so if you upgrade nspr/nss after building ff it breaks
if this is the case (nobody knows for sure with mozilla-people) the gentoo ABI-versioning patches should be bumped, which will make this be handled from revdep-rebuild. Normally they don't change the ABI with minor version bumps...
pauldv, suka: could you please comment on comment #8
Does OOo include (vulnerable) versions of mozillas nss?
(In reply to comment #10)
> pauldv, suka: could you please comment on comment #8
> Does OOo include (vulnerable) versions of mozillas nss?
Mozilla is indeed included in the source, but nobody is using that, including us. Instead we are using firefox, nss and nspr from the system to build the mozilla connectivity. So the source-based builds should be safe.
Regarding the binary-version: The mozilla stuff is only used for two things: Enabling to access the Mozilla adress book as a data source and building a browser plugin for OOo. But right: There is a libnss and libnspr in the tarball, so no clue if that is security relevant. As I'm no security expert, I guess I let someone else do the judging. Just might point out, that I've never heard about an OOo security bump anywhere (for instance this would also be relevant for windows) because of a mozilla problem. But who knows...
Closing with a headshot. Thanks everyone for sharing tha pain.