Re: [SECURITY] [DSA 2227-1] iceape security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 2227-1] iceape security update
From: Michel Kamphuis <Michel@office.m3groep.nl>
Date: Sat, 30 Apr 2011 17:51:17 +0200
Message-id: <[🔎] D4FB7660-718C-427E-BD8B-840351DEC388@office.m3groep.nl>
In-reply-to: <20110430145224.GA3694@pisco.westfalen.local>
References: <20110430145224.GA3694@pisco.westfalen.local>

Go srink beer, queens day!!!!

Sent from my iPhone

On Apr 30, 2011, at 17:16, "Moritz Muehlenhoff" <jmm@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2227-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> April 30, 2011                         http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : iceape
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 
>                 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 
>                 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 
>                 CVE-2011-0080 CVE-2011-0081 
> 
> Several vulnerabilities have been found in the Iceape internet suite, an
> unbranded version of Seamonkey:
> 
> CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
> 
>   "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,
>   Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella 
>   discovered memory corruption bugs, which may lead to the execution
>   of arbitrary code.
> 
> CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
> 
>   "regenrecht" discovered several dangling pointer vulnerabilities,
>   which may lead to the execution of arbitrary code.
> 
> CVE-2011-0067
> 
>   Paul Stone discovered that Java applets could steal information
>   from the autocompletion history.
> 
> CVE-2011-0071
> 
>   Soroush Dalili discovered a directory traversal vulnerability in
>   handling resource URIs.
> 
> The oldstable distribution (lenny) is not affected. The iceape package only
> provides the XPCOM code.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 2.0.11-5.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 2.0.14-1.
> 
> We recommend that you upgrade your iceape packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iEYEARECAAYFAk28IWoACgkQXm3vHE4uylrDDgCg1ZXfEbX8VEDGzDuv1SEmoC6V
> 5KEAoJ3cyOzWZW636lNOfKblmUtlqlxq
> =hCFE
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20110430145224.GA3694@pisco.westfalen.local
>

Reply to:

Prev by Date: Re: Hash algorithms used by APT to verify authenticity of installed files.
Previous by thread: RE: [SECURITY] [DSA 2222-1] tinyproxy security update
Index(es):
- Date
- Thread