[BSA-038] Security Update for icedove
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Christoph Göhre uploaded new packages for icedove which fixed the following
security problems:
CVE-2011-0083
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in
the implementation of SVG element lists allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code via
vectors involving a user-supplied callback.
CVE-2011-0085
Use-after-free vulnerability in the nsXULCommandDispatcher function allows
remote attackers to execute arbitrary code via a crafted XUL document that
dequeues the current command updater.
CVE-2011-2362
Icedove do not distinguish between cookies for two domain names that differ
only in a trailing dot, which allows remote web servers to bypass the Same
Origin Policy via Set-Cookie headers.
CVE-2011-2363
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in
the implementation of SVG element lists allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code via
vectors involving a user-supplied callback.
CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2376
Unspecified vulnerability allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code.
CVE-2011-2371
Integer overflow in the Array.reduceRight method allows remote attackers to
execute arbitrary code via vectors involving a long JavaScript Array object.
CVE-2011-2373
Use-after-free vulnerability allows remote attackers to execute arbitrary
code via a crafted XUL document.
CVE-2011-2377
Allow remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a
multipart/x-mixed-replace image.
For the squeeze-backports distribution, this problem have been fixed in
version 3.1.11-1~bpo60+1.
For the testing distribution (wheezy), this problem has been fixed in
version 3.1.11-1.
For the unstable distribution (sid), this problem has been fixed in
version 3.1.11-1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJODgMFAAoJECbjyHWnRCDvy48P/1Q3S7rjbeoTVB7efk6xV3/r
/UVtFMe7JDOUnJRMHY3ldWB299nYE8T0jhBvGMP8CN9DzwBzFKrGQ+0dY6nFni2L
osqwZ+pA3Si8DasXgS2plJ2GkoaM92W0jonIdc6qtPRK10LgAqhk0g41aIBTBYTL
GG1HC8qlcLDNy/2CEdHDbdvhET+enkQ+EcL9aQLZS1aDYSgkIBFdICB0goP5wlUm
zojiV9G7eOcDK07+Sr1ppOrhZDrYv7tRo97nmafZCc/5HkqWLmOGufeEOrNFDcpB
9d79GZ6zrs/DfO70HJXY9kWCbBJVrNeKHdDzKmBbsjxiSli9qORkClc3ge4Ki192
T4AaeCkJ7UETf2hgmtY5aD/ynUh9qlLVRRiG0z4lBZyylRii41+2UxC6kGPjpPma
b17CJ5Dh3fQIO8IJEjAPvbOubfyiCA2vX2JKWz9QAeWAU0p1l3ZJlBouLUNvpkWX
erqELKasUiGlqGiHTHWUt/xBIwuRL7zxMdo31M+Tw+yrpS3q2ItcDKfwQkz6exVC
zaaoSECEIu2yWCY8VyZ3Jtlu3IZZNhqoDW7YVPN/F99cmgHQxpO0gDOErq7iSDBu
lfzd8xmJCsSqNHY4dmju2IFvnuRDr/4tQDDCGwSYr3U9u+HHJqmKQuo+Wabam33H
6Iob0Iv/7MxUhNtYJ85b
=Gaca
-----END PGP SIGNATURE-----
Reply to: