cvshome.org released an update with a security advisory for a remote code execution vulnerability on April 18th. https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=141 The upgrade has already been completed on the mozilla.org servers (earlier this morning), but we never got a bug filed on it, so filing one for the records.
RedHat has yet to issue an errata on this, but we're too high-profile a site to wait for them. I built an SRPM of 1.11.20 plus the NoReadLocks patch, which is on vegas:/usr/src/redhat/SRPMS
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Priority: -- → P1
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.