Your message dated Tue, 09 Oct 2007 08:47:33 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444010: fixed in icedove 2.0.0.6-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: icedove
Version: 2.0.0.4.dfsg1-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for icedove.
CVE-2007-3734[0]:
| Multiple unspecified vulnerabilities in the browser engine in Mozilla
| Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote
| attackers to cause a denial of service (crash) via unspecified vectors
| that trigger memory corruption.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpxW2H2gME9y.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: icedove
Source-Version: 2.0.0.6-1
We believe that the bug you reported is fixed in the latest version of
icedove, which is due to be installed in the Debian FTP archive:
icedove-dbg_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove-dbg_2.0.0.6-1_amd64.deb
icedove-dev_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove-dev_2.0.0.6-1_amd64.deb
icedove-gnome-support_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove-gnome-support_2.0.0.6-1_amd64.deb
icedove_2.0.0.6-1.diff.gz
to pool/main/i/icedove/icedove_2.0.0.6-1.diff.gz
icedove_2.0.0.6-1.dsc
to pool/main/i/icedove/icedove_2.0.0.6-1.dsc
icedove_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove_2.0.0.6-1_amd64.deb
icedove_2.0.0.6.orig.tar.gz
to pool/main/i/icedove/icedove_2.0.0.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Sack <[EMAIL PROTECTED]> (supplier of updated icedove package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 08 Oct 2007 12:09:42 +0000
Source: icedove
Binary: icedove-dev icedove icedove-gnome-support icedove-dbg
Architecture: source amd64
Version: 2.0.0.6-1
Distribution: unstable
Urgency: low
Maintainer: Alexander Sack <[EMAIL PROTECTED]>
Changed-By: Alexander Sack <[EMAIL PROTECTED]>
Description:
icedove - free/unbranded thunderbird mail/news/rss clone
icedove-dbg - Debug Symbols for Icedove
icedove-dev - Development files for Icedove
icedove-gnome-support - Support for Gnome in Icedove
Closes: 443454 444010
Changes:
icedove (2.0.0.6-1) unstable; urgency=low
.
* new upstream release 2.0.0.6-1 fixes various security issues
(Closes: #444010):
- MFSA 2007-18 aka CVE-2007-3734, CVE-2007-3735 - Crashes with evidence of
memory corruption (rv:1.8.1.5).
- MFSA 2007-23 aka CVE-2007-3670 - Remote code execution by launching
Firefox from Internet Explorer (doesn't apply to linux).
- MFSA 2007-26 aka CVE-2007-3844 - Privilege escalation through
chrome-loaded about:blank windows.
- MFSA 2007-27 aka # CVE-2007-3845 - Unescaped URIs passed to external
programs.
* debian/patches/debian/patches/credits-rebranding: refresh patch because of
code-base change in new upstream release.
* debian/patche/bz389801_deb443454_fix_gtk_theme_crashes.patch,series:
import fix for theme crashes from bugzilla (Closes: 443454).
Files:
3010de28792f6415dbea05a1873efa50 1727 mail optional icedove_2.0.0.6-1.dsc
d1030ebe56ab01c757b0d5488bed0c05 34063528 mail optional
icedove_2.0.0.6.orig.tar.gz
747c390164d07d4945d3b769a3abc5d9 98958 mail optional icedove_2.0.0.6-1.diff.gz
24ebff1cfdddb31c940b8cc5f78f0b1e 12220920 mail optional
icedove_2.0.0.6-1_amd64.deb
eb45ed474037c167baff8e13c85893ae 44412 mail optional
icedove-gnome-support_2.0.0.6-1_amd64.deb
17b86a3fabde369e2857a0c2c39fe811 56938268 mail optional
icedove-dbg_2.0.0.6-1_amd64.deb
7955b286dbaa0a3507d262601e72dad8 3728368 mail optional
icedove-dev_2.0.0.6-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQIVAwUBRwon9qBE/gcUDGZkAQIdbA/+M3nG+deowBDsO4PvW1vdUI3t+4EjPexL
IKkd3YDv3IL191IUyaVSwMlUWcaGZnnGb6U2HHByhvhZ5Ya8Rf+8qM5hHGJ4Hfp4
iztJwEoIIg+6LcMPVdQLFjrgdVGjv5+/maWWWf9qGhND3mlo5icly+1QATiOYtVX
YWjo3Nkn3nbokS9CZl/5fxOddv4t/ixclsixiJfHup4sghwIiDm/HOayk5SElrIk
qHDc0qElNkAcQpvf6bL5zD3CsdS1qub67n2Zg8zcRDNCZu6rZZS6+L8KpswyPwL6
BlTTCwMgQVzMvcsgox8lQ+OwnFdhKeZglQD8AsirDeHG5Iy0EltEb8t/O3s8tJbj
16uUyM6+m3daC6rgfbsVaRIl5z25ZBamICam/7As2w4Mm0dct9RWnZoMTIDsuI+Y
oXLKK7PwkiBk9FqFjNE0htIMSzPY3S32yxmgYXGXQ8GYxxVQXunCICTrnQVKhLof
tB8AqC8JAVEhyfX1858gaVtJLYTkxnV/ypxA277BFeSkKmmoKfmlWHU+IKlgqyg1
l9vE3soSlY91DmXA1q0oHeTS9CASlWSRyKKJwtu+nQJ8/kLyw+Mrs/LCsdvnwhBC
vYb8CCROqrQumYF39urdftne6md3QxT4sKUSGhSkno20z0zS12m8oEqaNI1f+YyL
9qEnLp0vbx4=
=dhq/
-----END PGP SIGNATURE-----
--- End Message ---
