Accepted iceape 1.0.13~pre080614i-0etch1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 05 Jan 2009 23:18:37 +0100
Source: iceape
Binary: mozilla iceape-browser mozilla-calendar mozilla-js-debugger iceape iceape-calendar iceape-dom-inspector mozilla-psm mozilla-chatzilla mozilla-mailnews iceape-dbg iceape-gnome-support mozilla-dom-inspector iceape-dev iceape-chatzilla mozilla-browser iceape-mailnews mozilla-dev
Architecture: source all amd64
Version: 1.0.13~pre080614i-0etch1
Distribution: stable-security
Urgency: low
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Changed-By: Alexander Sack <asac@canonical.com>
Description:
iceape - The Iceape Internet Suite
iceape-browser - Iceape Navigator (Internet browser) and Composer
iceape-calendar - Iceape Calendar
iceape-chatzilla - Iceape Chatzilla IRC client
iceape-dbg - Debugging symbols for the Iceape Internet Suite
iceape-dev - Development files for the Iceape Internet Suite
iceape-dom-inspector - DOM inspector for the Iceape Internet Suite
iceape-gnome-support - Gnome support for the Iceape Internet Suite
iceape-mailnews - Iceape Mail & Newsgroups and Address Book
mozilla - Transition package for the Iceape Internet Suite
mozilla-browser - Transition package for Iceape Navigator and Composer
mozilla-calendar - Transition package for Iceape Calendar
mozilla-chatzilla - Transition package for Iceape Chatzilla IRC client
mozilla-dev - Transition package for development file for the Iceape Internet S
mozilla-dom-inspector - Transition package for the DOM Inspector for the Iceape Internet
mozilla-js-debugger - Transition package for venkman
mozilla-mailnews - Transition package for Iceape Mail & Newsgroups and Address Book
mozilla-psm - Transition package for Iceape Navigator
Closes: 505565
Changes:
iceape (1.0.13~pre080614i-0etch1) stable-security; urgency=low
.
* security/stability update for issues discussed in firefox/thunderbird
2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19 (details below)
- Closes: #505565 - Mozilla SeaMonkey Multiple Vulnerabilities
* debian/calendar-1.0.9.tar.bz2.uue,control,rules: add uuencoded
calendar/ directory; unpack before patch-stamp in rules; adjust
build-deps
* debian/patches/99_configure.dpatch: refresh - run autoconf2.13
* debian/patches/{20_visibility,90_bz416282,90_bz419116,90_bz421622,
90_bz425576}.dpatch: drop patches now shipped/superseded by upstream
tarball/patchset
* debian/patches/00list: Updated accordingly.
.
Advisory notes:
2.0.0.15:
* MFSA 2008-21 (layout) aka CVE-2008-2798 - Crashes with evidence of memory
corruption (rv:1.8.1.15) in layout engine
* MFSA 2008-21 (javascript) aka CVE-2008-2799 - Crashes with evidence of
memory corruption (rv:1.8.1.15) in the javascript engine
* MFSA 2008-22 aka CVE-2008-2800 - XSS through JavaScript same-origin
violation
* MFSA 2008-23 aka CVE-2008-2801 - Signed JAR tampering
* MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
* MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in
mozIJSSubScriptLoader.loadSubScript()
* MFSA 2008-26 aka CVE-2008-0304-followup - Buffer length checks in MIME
processing
* MFSA 2008-27 aka CVE-2008-2805 - Arbitrary file upload via originalTarget
and DOM Range
* MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in
uninitialized memory being used
* MFSA 2008-30 aka CVE-2008-2808 - File location URL in directory listings
not escaped properly
* MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to
spoof
* MFSA 2008-32 aka CVE-2008-2810 - Remote site run as local file via Windows
URL shortcut
* MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block
reflow
2.0.0.16:
* MFSA 2008-34 aka CVE-2008-2785 - Remote code execution by overflowing CSS
reference counter
* MFSA 2008-35 aka CVE-2008-2933 - Command-line URLs launch multiple tabs
when Firefox not running
2.0.0.17:
* MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow
* MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect()
same-origin violation
* MFSA 2008-39 aka CVE-2008-3836 - Privilege escalation using feed preview
page and XSS flaw
* MFSA 2008-40 aka CVE-2008-3837 - Forced mouse drag
* MFSA 2008-41 aka CVE-2008-4058 (XPCnativeWrapper pollution bugs),
CVE-2008-4059 (XPCnativeWrapper pollution (Firefox 2)), CVE-2008-4060
(Documents without script handling objects) - Privilege escalation via
XPCnativeWrapper pollution
* MFSA 2008-42 aka CVE-2008-4061 (1.8 layout), CVE-2008-4062 (1.8
javascript) - Crashes with evidence of memory corruption
(rv:1.9.0.2/1.8.1.17)
* MFSA 2008-43 aka CVE-2008-4065 (Stripped BOM characters) - BOM
characters, low surrogates stripped from JavaScript before execution
* MFSA 2008-44 aka CVE-2008-4067, CVE-2008-4068 - resource: traversal
vulnerabilities
* MFSA 2008-45 aka CVE-2008-4069 - [1.8 branch] XBM appears to draw
uninitialized memory
* MFSA 2008-46 aka CVE-2008-4070 - Heap overflow when canceling newsgroup
message
2.0.0.18:
* MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP
redirect
* MFSA 2008-49 aka CVE-2008-5013 - Arbitrary code execution via Flash
Player dynamic module unloading
* MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via
__proto__ tampering
* MFSA 2008-52 aka CVE-2008-5017(1.8 layout), CVE-2008-5018(1.8 javascript)
- Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
* MFSA 2008-54 aka CVE-2008-0017 - Buffer overflow in http-index-format
parser
* MFSA 2008-55 aka CVE-2008-5021 - Crash and remote code execution in
nsFrameManager
* MFSA 2008-56 aka CVE-2008-5022 - nsXMLHttpRequest::NotifyEventListeners()
same-origin violation
* MFSA 2008-58 aka CVE-2008-5024 - Parsing error in E4X default namespace
* MFSA 2008-59 aka CVE-2008-4582 - Script access to .documentURI and
.textContent in mail
2.0.0.19:
* MFSA 2008-60 aka CVE-2008-5500 (layout) - Crashes with evidence of memory
corruption (rv:1.9.0.5/1.8.1.19)
* MFSA 2008-61 aka CVE-2008-5503 - Information stealing via
loadBindingDocument
* MFSA 2008-64 aka CVE-2008-5506 - XMLHttpRequest 302 response disclosure
* MFSA 2008-65 aka CVE-2008-5507 - Cross-domain data theft via script
redirect error message
* MFSA 2008-66 aka CVE-2008-5508 - Errors parsing URLs with leading
whitespace and control characters (fixed by bz451613)
* MFSA 2008-68 aka CVE-2008-5511(XSS via XBL bindings to unloaded document),
CVE-2008-5512(JavaScript privilege escalation) - XSS and JavaScript
privilege escalation
Files:
b780c722d772cde416bfbda0e6750e3f 2104 net optional iceape_1.0.13~pre080614i-0etch1.dsc
b5f28ad30d5e15dc67efa370c7f9ee59 42978498 net optional iceape_1.0.13~pre080614i.orig.tar.gz
fadf6ae5717e05ff353c52b8e90825d0 2033694 net optional iceape_1.0.13~pre080614i-0etch1.diff.gz
a508e9e68d99676fd897ecb1095486b7 30676 web optional iceape_1.0.13~pre080614i-0etch1_all.deb
aec7efa1351f2f41289ec6edc5d1da6c 3667564 devel optional iceape-dev_1.0.13~pre080614i-0etch1_all.deb
80fcf72ee4e4392b44e32f052ea70456 281076 net optional iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
dc21b8434b9b72375e8df9fa94a7709d 29222 web optional mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
3a26ed7bbcdefc06ec0f34256733ad4e 30218 web optional mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
b764c962b7bc3a9fc2a2c6c723b3129c 29358 devel optional mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
3c5939146bfc6801b54a5e0584dca482 29248 mail optional mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
33e0809ea09959c467e1379206e605ab 29244 net optional mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
ffa20451394a1d05f5da58116f133916 29232 web optional mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
fc07419a1397db4a1f65f42123864c76 29264 web optional mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
9f827631e7c410da840ca7ae095ebe2d 29260 devel optional mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
8027c7b507f7029d558846ad1e38db99 29224 misc optional mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
aff467dd69f1272dbcc1be14f0d96295 11683136 web optional iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
62268a914d78526df611190dbab5e6ca 55488 web optional iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
2c7625187ee32f93a01b0f822face8f7 59742704 devel extra iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
d25528c803f38c309c74427d5e0769c1 2094958 mail optional iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
45ce3f797e175feff8cbd20526008f7b 612120 misc optional iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
50ea3e1f957a8c6ca761f651f25cba39 197202 web optional iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Accepted:
iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
to pool/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
to pool/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
to pool/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
iceape-dev_1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/iceape-dev_1.0.13~pre080614i-0etch1_all.deb
iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
to pool/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
to pool/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
to pool/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
iceape_1.0.13~pre080614i-0etch1.diff.gz
to pool/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.diff.gz
iceape_1.0.13~pre080614i-0etch1.dsc
to pool/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.dsc
iceape_1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/iceape_1.0.13~pre080614i-0etch1_all.deb
iceape_1.0.13~pre080614i.orig.tar.gz
to pool/main/i/iceape/iceape_1.0.13~pre080614i.orig.tar.gz
mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
to pool/main/i/iceape/mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb