Hi, Mozilla has released security updates for its 1.8 and 1.8.0 branches, respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey 1.0.8, Thunderbird 1.5.0.10).
While on the 1.8 branch, the changes to nspr and nss might not be as substancial, the changes to the 1.8.0 branch consisted in taking new upstream versions: Mozilla version 1.8.0.9 1.8.1.1 1.8.0.10 and 1.8.1.2 NSPR version 4.6.1 4.6.4 4.6.5 NSS version 3.10.2 3.11.4 3.11.5 The changes between minor versions might mostly be security updates, though I've not have time and probably won't have much to dig into the code and/or upstream CVS. So while we're mostly safe with the iceweasel upgrade, we may be going to introduce new versions of NSPR and NSS if we blindly upgrade to the latest 1.8.0 branch releases. While it may not be a huge problem with iceape and icedove, since they are using their own copies of the libraries, it may be more of a problem for xulrunner which provides libnss and libnspr for other packages to build. I *won't* have time to cherry pick security fixes to make a proper upload involving less risk for the release, so I'm requesting for help: - either be allowed to upload these new versions to the archive - or someone (could be several someones) motivated enough and with a lot of spare time could cherry pick the security fixes for nspr and nss for incorporation in the 1.8.0 branch. I'll let the RMs decide whether iceape and icedove upgrades are less problematic since they don't involve reverse dependencies. The iceweasel upgrade may only involve security fixes and minor enhancements, but I've not looked into the changes yet, but I hope Eric will ;). The only thing I can tell to reassure you is that NSPR and NSS have strong ABI stability requirements, since they are used by closed-source products such as SunOne, so we're probably safe here. OTOH, NSS added some new stuff (such as libfreebl) that may need some care to not mess with, especially on xulrunner, but I've had to deal with it with iceweasel so that's not a big surprise. Cheers, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
