[Bugs] #694 URGE: xulrunner: security update

[SugarLabs Bugs]

#694: xulrunner: security update
------------------------------+---------------------------------------------
    Reporter:  sascha_silbe   |          Owner:  sascha_silbe               
        Type:  defect         |         Status:  closed                     
    Priority:  Urgent         |      Milestone:  Unspecified by Release Team
   Component:  sugar-jhbuild  |        Version:  Git as of bugdate          
    Severity:  Critical       |     Resolution:  wontfix                    
    Keywords:                 |   Distribution:  Unspecified                
Status_field:  Assigned       |  
------------------------------+---------------------------------------------
Changes (by sascha_silbe):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 I won't fix this one and instead wait for 1.9.0.8. Debian doesn't include
 any patches for it, but instead modified the source directly (500kB
 uncompressed diff for all changes). Mozilla didn't point to any official
 patch or even a SVN/whatever revision where the fix got applied, so
 getting it from there would mean scanning all recent changes to the
 repository (if it's public at all, haven't checked).
 If somebody else has a patch I'll apply it, but I don't have the time for
 further research.
 +2 for kicking xulrunner as soon as we get the chance (webkit?). 2 weeks
 now and no fixed version available, even though it's a high-profile
 exploit (winning entry on a public cracking contest).

-- 
Ticket URL: <http://dev.sugarlabs.org/ticket/694#comment:3>
Sugar Labs <http://sugarlabs.org/>
Sugar Labs bug tracking system