Re: [SECURITY] [DSA 2911-1] icedove security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2911-1] icedove security update
From: charlie derr <cderr@simons-rock.edu>
Date: Thu, 24 Apr 2014 11:36:49 -0400
Message-id: <[🔎] 53592F91.1040102@simons-rock.edu>
In-reply-to: <29680_1398352935_53592C27_29680_3094_1_20140424152132.GA2695@eldamar.local>
References: <20050_1398180321_535689E1_20050_1791_1_20140422152501.GA3309@pisco.westfalen.local> <[🔎] 53591A14.7080305@simons-rock.edu> <29680_1398352935_53592C27_29680_3094_1_20140424152132.GA2695@eldamar.local>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 04/24/2014 11:21 AM, Salvatore Bonaccorso wrote:
> This is indeed seem a typo in the DSA-2911-1. The fixed version
> for the unstable distribution for the given CVEs is
> icedove/24.4.0-1.
> 
> For reference see also [1].
> 
> [1] https://security-tracker.debian.org/tracker/DSA-2911-1
> 
> Hope that thelps,
> 
> Regards, Salvatore


Thank you very much, that does help some, but still doesn't really
completely explain the mystery to me.

In searching through my /var/log/apt/history files, I see that my
current version of icedove (24.4.0-1) was installed on 2014-03-26

Was all of this really patched in the sid version of the icedove
package a full month before the official announcement of these
vulnerabilities?  This timing is confusing to me (though I suppose
there may be a reasonable explanation for it).

Any further information that might help me understand would be very
welcome.

    best,
         ~c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCAAGBQJTWS+RAAoJELuLPXMxqTZ/FSwP/1D1d178V3rGXoLp57O78Be/
n7BcW6Q8JkBT19ycr5c20ae2vdpiPl1IbjGPea0c7DiGI116kbVUYaWqx9b6H9mT
HoLzznrQOVFL+vwTD1guJ0ShuTKchXXieyz06cZ48srC28P7fGtd+MtcNuSukqD/
0tNY7/ix5GdnSWP3eZZK+qdE6M8GY19Llu+7b+iSe4+JrMCninV6i3D33spR6HI8
s8vrFdsi6WUXRayV/DtPHgnQUf4Spv7d/k6lLpMS+dF+eWzSh3gAFNseT0FfYlEH
Sm68LTKqB9sSTQNYN4BOdH7h0c9NpyMDGPupYutTA6V1TjpDbH+8PSu42eUx+AKI
9C/j2EwkyEJrOIv0jMfr1Gwmo8WAEiQtjVXlkmgBRCJKZCI23jpZScjFgFMkvNoB
Mok+SQZXMWoray7uaEiUSMpAezODG0K3ix83O8QV6R8kfaQe7c+BfLpejNFufb84
0YHTP2Mj3uc+pSdM9aVN18ZiaoAVVBshfKDvzqdp1XF3Y4/QDtHIZ5MYDZ6c8W/q
nnZNre20yjZq2z8x/yr7stdqWpkCuzEtuvXbC6sppdgViGUXC7Ndw4XB/cdEV8IY
k3YPEmstFQpnbbAHgD/XvPht29iSGkohTZX+lYbzfZtJUGLUM2zBYlfY65GEqCWR
PG9H1mlXEaIKPwL5JdRp
=Rv0q
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2911-1] icedove security update
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Re: [SECURITY] [DSA 2911-1] icedove security update
  - From: charlie derr <cderr@simons-rock.edu>

Prev by Date: Re: [SECURITY] [DSA 2911-1] icedove security update
Next by Date: Re: goals for hardening Debian: ideas and help wanted
Previous by thread: Re: [SECURITY] [DSA 2911-1] icedove security update
Next by thread: Re: [SECURITY] [DSA 2911-1] icedove security update
Index(es):
- Date
- Thread