Re: [SECURITY] [DSA 2227-1] iceape security update
Go srink beer, queens day!!!!
Sent from my iPhone
On Apr 30, 2011, at 17:16, "Moritz Muehlenhoff" <jmm@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2227-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> April 30, 2011 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : iceape
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069
> CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073
> CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
> CVE-2011-0080 CVE-2011-0081
>
> Several vulnerabilities have been found in the Iceape internet suite, an
> unbranded version of Seamonkey:
>
> CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
>
> "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,
> Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella
> discovered memory corruption bugs, which may lead to the execution
> of arbitrary code.
>
> CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
>
> "regenrecht" discovered several dangling pointer vulnerabilities,
> which may lead to the execution of arbitrary code.
>
> CVE-2011-0067
>
> Paul Stone discovered that Java applets could steal information
> from the autocompletion history.
>
> CVE-2011-0071
>
> Soroush Dalili discovered a directory traversal vulnerability in
> handling resource URIs.
>
> The oldstable distribution (lenny) is not affected. The iceape package only
> provides the XPCOM code.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 2.0.11-5.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 2.0.14-1.
>
> We recommend that you upgrade your iceape packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk28IWoACgkQXm3vHE4uylrDDgCg1ZXfEbX8VEDGzDuv1SEmoC6V
> 5KEAoJ3cyOzWZW636lNOfKblmUtlqlxq
> =hCFE
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20110430145224.GA3694@pisco.westfalen.local
>
Reply to: