icedove 3.0.11-1+squeeze7 security update induced bug from testing

To: debian-security@lists.debian.org, 626812@bugs.debian.org, Alexander Sack <asac@debian.org>, Guido Guenther <agx@sigxcpu.org>, Christoph Goehre <chris@sigxcpu.org>
Subject: icedove 3.0.11-1+squeeze7 security update induced bug from testing
From: Jens Stimpfle <stimpfle@email.mathematik.uni-freiburg.de>
Date: Fri, 17 Feb 2012 16:58:09 +0100
Message-id: <20120217155809.GA26636@tux00.mathematik.uni-freiburg.de>
Reply-to: sysadm@email.mathematik.uni-freiburg.de

This was posted on #626812, but I'm not sure it got the
attention it deserves (The previous message was already 6 months old):

Jan Harnisch <jan.willi@bnhof.de>, Sun, 12 Feb 2012 01:23:42 +0100:
> Package: icedove
> Version: 3.0.11-1+squeeze7
> 
> Hi,
> 
> it seems the bug found its way into Squeeze with the latest security 
> update. Briefly tried the above workarounds, but so far without success.
> Best regards
> 
> Jan

I can confirm that the bug is now in Squeeze. It affects most
of our icedove setups. The suggested workaround "LD_BIND_NOW=1 icedove"
worked on both an amd64 and an i386 machine. After one successful launch
the linker variable isn't needed again unless ~/.icedove/ is removed.

Unfortunately, I'm not much into linking, but would like to direct
attention to this bug. I could also provide lists of installed packages
for both affected and unaffected packages, even before monday if it
really helps.

-Jens Stimpfle

Reply to:

Prev by Date: request CVE for vdrtestleak
Next by Date: Re: Debian: automated embedded code copy discovery
Previous by thread: request CVE for vdrtestleak
Next by thread: Re: Debian: automated embedded code copy discovery
Index(es):
- Date
- Thread