However, it seems that under the weight of security updates, and the hard work involved in backporting them to Debian's own version, Debian Stable will now track Firefox ESR (something testing already does, as I reported here).
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting.lists.debian.org
We're changing the approach for security updates for Iceweasel, Icedove and Iceape in stable-security: Instead of backporting security fixes, we now provide releases based on the Extended Support Release branch. As such, this update introduces packages based on Firefox 17 and at some point in the future we will switch to the next ESR branch once ESR 17 has reached it's end of life.
Debian Wheezy users can expect to see an update from Iceweasel 10 to 17 (and one from 17 to 24 at the end of the year). So Debian Stable users can now have (reasonably) up to date features as well as stability.
And Debian Wheezy users who would like to try out the latest features in the release version of Firefox (currently 21 at the time of writing) can get that too, as described here.
That’s really great, thanks for the update!
ReplyDeleteDo you now if the same policy will be adopted for Icedove/Thunderbird?
No news on that, sorry.
DeleteWell, reading the quote again, Icedove is included in the new policy, so I should say no news of when it will happen.
DeleteToday it happend, Icedove was updated to 17.0.7 :)
Delete