Security Information / 2011 / Security Information -- DSA-2200-1 iceweasel

Debian Security Advisory

DSA-2200-1 iceweasel -- ssl certificate blacklist update

Date Reported:

23 Mar 2011

Affected Packages:

iceweasel

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

This update for Iceweasel, a web browser based on Firefox, updates the certificate blacklist for several fraudulent HTTPS certificates.

More details can be found in a blog posting by Jacob Appelbaum of the Tor project.

For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-9 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-6.

For the unstable distribution (sid), this problem has been fixed in version 3.5.18-1.

For the experimental distribution, this problem has been fixed in version 4.0~rc2-1.

We recommend that you upgrade your iceweasel packages.