Re: [SECURITY] [DSA 2746-1] icedove security update
ist vielleicht für stockerau interessant
Ralf Lehner IT Consulting e.U.
Judengasse 1 Top 4
A-1010 Wien
tel +43 (720) 699799
mob +43 (699) 18885799
mailto:rdl@rdl.at
web http://www.rdl.at
Am 29.08.2013 um 19:38 schrieb "Moritz Muehlenhoff" <jmm@debian.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2746-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> August 29, 2013 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : icedove
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713
> CVE-2013-1714 CVE-2013-1717
>
> Multiple security issues have been found in Icedove, Debian's version of
> the Mozilla Thunderbird mail and news client. Multiple memory safety
> errors, missing permission checks and other implementation errors may
> lead to the execution of arbitrary code or cross-site scripting.
>
> The Icedove version in the oldstable distribution (squeeze) is no longer
> supported with full security updates. However, it should be noted that
> almost all security issues in Icedove stem from the included browser engine.
> These security problems only affect Icedove if scripting and HTML mails
> are enabled. If there are security issues specific to Icedove (e.g. a
> hypothetical buffer overflow in the IMAP implementation) we'll make an
> effort to backport such fixes to oldstable.
>
> For the stable distribution (wheezy), these problems have been fixed in
> version 17.0.8-1~deb7u1.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 17.0.8-1.
>
> We recommend that you upgrade your icedove packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
>
> iEYEARECAAYFAlIfhf8ACgkQXm3vHE4uylqF2QCeK7C4vEufIlumHBA/ElEt8/DK
> WW8An0Q0dB0o6Q9xLtdKeDzbg7RB/J6c
> =VAfs
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20130829173606.GA6561@pisco.westfalen.local
>
Reply to: