Re: [SECURITY] [DSA 2746-1] icedove security update

To: "<debian-security@lists.debian.org>" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 2746-1] icedove security update
From: Ralf Lehner <rdl@rdl.at>
Date: Thu, 29 Aug 2013 17:51:21 +0000
Message-id: <[🔎] 5D5A6211-40A6-4848-8E0F-39D9A380AF93@rdl.at>
In-reply-to: <20130829173606.GA6561@pisco.westfalen.local>
References: <20130829173606.GA6561@pisco.westfalen.local>

ist vielleicht für stockerau interessant


Ralf Lehner IT Consulting e.U.
Judengasse 1 Top 4
A-1010 Wien
tel +43 (720) 699799
mob +43 (699) 18885799
mailto:rdl@rdl.at
web http://www.rdl.at



Am 29.08.2013 um 19:38 schrieb "Moritz Muehlenhoff" <jmm@debian.org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2746-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> August 29, 2013                        http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : icedove
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 
>                 CVE-2013-1714 CVE-2013-1717
> 
> Multiple security issues have been found in Icedove, Debian's version of 
> the Mozilla Thunderbird mail and news client. Multiple memory safety 
> errors, missing permission checks and other implementation errors may 
> lead to the execution of arbitrary code or cross-site scripting.
> 
> The Icedove version in the oldstable distribution (squeeze) is no longer 
> supported with full security updates. However, it should be noted that 
> almost all security issues in Icedove stem from the included browser engine.
> These security problems only affect Icedove if scripting and HTML mails 
> are enabled. If there are security issues specific to Icedove (e.g. a 
> hypothetical buffer overflow in the IMAP implementation) we'll make an 
> effort to backport such fixes to oldstable.
> 
> For the stable distribution (wheezy), these problems have been fixed in
> version 17.0.8-1~deb7u1.
> 
> For the unstable distribution (sid), these problems have been fixed in
> version 17.0.8-1.
> 
> We recommend that you upgrade your icedove packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> 
> iEYEARECAAYFAlIfhf8ACgkQXm3vHE4uylqF2QCeK7C4vEufIlumHBA/ElEt8/DK
> WW8An0Q0dB0o6Q9xLtdKeDzbg7RB/J6c
> =VAfs
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20130829173606.GA6561@pisco.westfalen.local
>

Reply to:

Prev by Date: Re: process to include upstream jar sig in Debian-generated jar
Next by Date: Re: (Case MB51131) [SECURITY] [DSA 2746-1] icedove security update
Previous by thread: Re: process to include upstream jar sig in Debian-generated jar
Next by thread: Re: (Case MB51131) [SECURITY] [DSA 2746-1] icedove security update
Index(es):
- Date
- Thread