Re: [SECURITY] [DSA 2762-1] icedove security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2762-1] icedove security update
From: Vladimir Kosmala <vladimir@kosmala.fr>
Date: Mon, 23 Sep 2013 20:03:09 +0200
Message-id: <[🔎] CAF88BBHgh7mqPa2bXsSi9q1gYfpySoxM8i0eVEhCNTsSHgptNw@mail.gmail.com>
In-reply-to: <20130923154112.GA5434@pisco.westfalen.local>
References: <20130923154112.GA5434@pisco.westfalen.local>

unsubscribe
--
Vladimir


2013/9/23 Moritz Muehlenhoff <jmm@debian.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2762-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> September 23, 2013                     http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : icedove
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730
>                  CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737
>
> Multiple security issues have been found in Icedove, Debian's version of
> the Mozilla Thunderbird mail and news client. Multiple memory safety
> errors and buffer overflows may lead to the execution of arbitrary code.
>
> The Icedove version in the oldstable distribution (squeeze) is no longer
> supported with full security updates. However, it should be noted that
> almost all security issues in Icedove stem from the included browser engine.
> These security problems only affect Icedove if scripting and HTML mails
> are enabled. If there are security issues specific to Icedove (e.g. a
> hypothetical buffer overflow in the IMAP implementation) we'll make an
> effort to backport such fixes to oldstable.
>
> For the stable distribution (wheezy), these problems have been fixed in
> version 17.0.9-1~deb7u1.
>
> For the unstable distribution (sid), these problems will be fixed soon.
>
> We recommend that you upgrade your icedove packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
>
> iEYEARECAAYFAlJAYAMACgkQXm3vHE4uyloHvQCfZewSJNa3AZEFWsbP5AZhUFCW
> TZwAoOK6L6Ejd317WtCH9EyfsjRJnWDh
> =QBlT
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20130923154112.GA5434@pisco.westfalen.local
>

Reply to:

Prev by Date: Re: Script to System Check Integrity against Debian Package Repository
Next by Date: Re: [SECURITY] [DSA 2766-1] linux-2.6 security update
Previous by thread: Re: Upcoming oldstable point release (6.0.8)
Next by thread: Re: [SECURITY] [DSA 2766-1] linux-2.6 security update
Index(es):
- Date
- Thread