Debian Bug report logs - #505565
Mozilla SeaMonkey Multiple Vulnerabilities

Package: iceape; Maintainer for iceape is (unknown);

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Thu, 13 Nov 2008 15:18:01 UTC

Severity: critical

Tags: security

Fixed in version 1.1.13-1

Done: Mike Hommey <mh@glandium.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#505565; Package iceape. (Thu, 13 Nov 2008 15:18:03 GMT) (full text, mbox, link).

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Thu, 13 Nov 2008 15:18:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: iceape
Severity: critical
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for SeaMonkey:

SA32714[1]

Description:
Some vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or compromise a user's system.

For more information:
SA32693

The vulnerabilities are reported in versions prior to 1.1.13.

Solution:
Update to version 1.1.13.

Original Advisory:
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html

Other References:
SA32693[2]

If you fix the vulnerability please also make sure to include the the
CVE id in the changelog entry.

[1]http://secunia.com/advisories/32714/
[2]http://secunia.com/advisories/32693/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkcRCgACgkQNxpp46476aonswCeMfUB5+j2+eLl1Z8P9u1QnqZo
yU0An3CqF9pgPfO6J/qI9fF/i0yIp+jt
=QbeL
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#505565; Package iceape. (Thu, 20 Nov 2008 23:03:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Thu, 20 Nov 2008 23:03:04 GMT) (full text, mbox, link).

Message #10 received at 505565@bugs.debian.org (full text, mbox, reply):

On Thu, Nov 13, 2008 at 04:13:46PM +0100, Giuseppe Iuculano wrote:
> Package: iceape
> Severity: critical
> Tags: security

Iceape still badly needs someone who's willing to care of security
updates for iceape during Lenny life time and has the time to do
so, as described in my mail to debian-devel from the 4th October:

| From: Moritz Muehlenhoff <jmm@inutil.org>
| Newsgroups: gmane.linux.debian.devel.general
| Subject: Volunteer needed for Iceape security updates in Lenny
|
| A volunteer is needed to build and test the Iceape security updates
| in Lenny. Patches are provided through a patch set for each update
| round, but the Security Team and the Mozilla maintainers lack the
| ressources for the proper integration work. So if you use Iceape
| and want to continue to use it in Lenny please step forward and
| mail pkg-mozilla-maintainers@lists.alioth.debian.org and keep
| team@security.debian.org CCed.

The other option (throwing it out) will be difficult, since 17 packages
build-depend on iceape-dev nowadays.

Cheers,
        Moritz

Reply sent to Mike Hommey <mh@glandium.org>:
You have taken responsibility. (Sat, 06 Dec 2008 09:09:07 GMT) (full text, mbox, link).

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Sat, 06 Dec 2008 09:09:08 GMT) (full text, mbox, link).

Message #15 received at 505565-done@bugs.debian.org (full text, mbox, reply):

Version: 1.1.13-1

On Thu, Nov 13, 2008 at 04:13:46PM +0100, Giuseppe Iuculano wrote:
> Solution:
> Update to version 1.1.13.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 06 Jan 2009 07:34:22 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jan 11 15:24:50 2018; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #505565 Mozilla SeaMonkey Multiple Vulnerabilities

Debian Bug report logs - #505565
Mozilla SeaMonkey Multiple Vulnerabilities