Re: [SECURITY] [DSA 2911-1] icedove security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/24/2014 11:21 AM, Salvatore Bonaccorso wrote:
> This is indeed seem a typo in the DSA-2911-1. The fixed version
> for the unstable distribution for the given CVEs is
> icedove/24.4.0-1.
>
> For reference see also [1].
>
> [1] https://security-tracker.debian.org/tracker/DSA-2911-1
>
> Hope that thelps,
>
> Regards, Salvatore
Thank you very much, that does help some, but still doesn't really
completely explain the mystery to me.
In searching through my /var/log/apt/history files, I see that my
current version of icedove (24.4.0-1) was installed on 2014-03-26
Was all of this really patched in the sid version of the icedove
package a full month before the official announcement of these
vulnerabilities? This timing is confusing to me (though I suppose
there may be a reasonable explanation for it).
Any further information that might help me understand would be very
welcome.
best,
~c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iQIcBAEBCAAGBQJTWS+RAAoJELuLPXMxqTZ/FSwP/1D1d178V3rGXoLp57O78Be/
n7BcW6Q8JkBT19ycr5c20ae2vdpiPl1IbjGPea0c7DiGI116kbVUYaWqx9b6H9mT
HoLzznrQOVFL+vwTD1guJ0ShuTKchXXieyz06cZ48srC28P7fGtd+MtcNuSukqD/
0tNY7/ix5GdnSWP3eZZK+qdE6M8GY19Llu+7b+iSe4+JrMCninV6i3D33spR6HI8
s8vrFdsi6WUXRayV/DtPHgnQUf4Spv7d/k6lLpMS+dF+eWzSh3gAFNseT0FfYlEH
Sm68LTKqB9sSTQNYN4BOdH7h0c9NpyMDGPupYutTA6V1TjpDbH+8PSu42eUx+AKI
9C/j2EwkyEJrOIv0jMfr1Gwmo8WAEiQtjVXlkmgBRCJKZCI23jpZScjFgFMkvNoB
Mok+SQZXMWoray7uaEiUSMpAezODG0K3ix83O8QV6R8kfaQe7c+BfLpejNFufb84
0YHTP2Mj3uc+pSdM9aVN18ZiaoAVVBshfKDvzqdp1XF3Y4/QDtHIZ5MYDZ6c8W/q
nnZNre20yjZq2z8x/yr7stdqWpkCuzEtuvXbC6sppdgViGUXC7Ndw4XB/cdEV8IY
k3YPEmstFQpnbbAHgD/XvPht29iSGkohTZX+lYbzfZtJUGLUM2zBYlfY65GEqCWR
PG9H1mlXEaIKPwL5JdRp
=Rv0q
-----END PGP SIGNATURE-----
Reply to: