Bug#535124: marked as done (2.0.22 fixes several security issues)

Fri, 04 Sep 2009 12:30:22 -0700 

Your message dated Fri, 04 Sep 2009 18:32:04 +0000
with message-id <e1mjdzs-000647...@ries.debian.org>
and subject line Bug#535124: fixed in icedove 2.0.0.22-0lenny1
has caused the Debian Bug report #535124,
regarding 2.0.22 fixes several security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535124
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: icedove
Severity: grave
Tags: security

Hi,
according to 

http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.22

2.0.20, 2.0.21 and 2.0.22 fix several security issues in thunderbird.
Lenny ships 2.0.19 so it looks vulnerable.
Cheers,
 -- Guido

--- End Message ---
--- Begin Message --- 
Source: icedove
Source-Version: 2.0.0.22-0lenny1

We believe that the bug you reported is fixed in the latest version of
icedove, which is due to be installed in the Debian FTP archive:

icedove-dbg_2.0.0.22-0lenny1_i386.deb
  to pool/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_i386.deb
icedove-dev_2.0.0.22-0lenny1_i386.deb
  to pool/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_i386.deb
icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
  to pool/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
icedove_2.0.0.22-0lenny1.diff.gz
  to pool/main/i/icedove/icedove_2.0.0.22-0lenny1.diff.gz
icedove_2.0.0.22-0lenny1.dsc
  to pool/main/i/icedove/icedove_2.0.0.22-0lenny1.dsc
icedove_2.0.0.22-0lenny1_i386.deb
  to pool/main/i/icedove/icedove_2.0.0.22-0lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <a...@debian.org> (supplier of updated icedove package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 05 Jul 2009 13:49:04 +0200
Source: icedove
Binary: icedove icedove-gnome-support icedove-dbg icedove-dev
Architecture: source i386
Version: 2.0.0.22-0lenny1
Distribution: stable-security
Urgency: low
Maintainer: Alexander Sack <a...@debian.org>
Changed-By: Alexander Sack <a...@debian.org>
Description: 
 icedove    - free/unbranded thunderbird mail/news/rss clone
 icedove-dbg - Debug Symbols for Icedove
 icedove-dev - Development files for Icedove
 icedove-gnome-support - Support for Gnome in Icedove
Closes: 535124
Changes: 
 icedove (2.0.0.22-0lenny1) stable-security; urgency=low
 .
   * New upstream security/stability update (v2.0.0.21/v2.0.0.22) (Closes: 
535124)
     * MFSA 2009-33: Crash viewing multipart/alternative message with 
text/enhanced part
     * MFSA 2009-32 aka CVE-2009-1841: JavaScript chrome privilege escalation
     * MFSA 2009-29 aka CVE-2009-1838: Arbitrary code execution using event 
listeners
       attached to an element whose owner document is null
     * MFSA 2009-27 aka CVE-2009-1836: SSL tampering via non-200 responses to 
proxy
       CONNECT requests
     * MFSA 2009-24 aka CVE-2009-1832+CVE-2009-1831: Crashes with evidence of 
memory
       corruption (rv:1.9.0.11)
     * MFSA 2009-17 aka CVE-2009-1307: Same-origin violations when Adobe Flash 
loaded
       via view-source: scheme
     * MFSA 2009-14 aka CVE-2009-1303+CVE-2009-1302: Crashes with evidence of 
memory
       corruption (rv:1.9.0.9)
     * MFSA 2009-15 aka CVE-2009-0652: URL spoofing with box drawing character
     * MFSA 2009-10 aka CVE-2009-0040: Upgrade PNG library to fix memory safety 
hazards
     * MFSA 2009-09 aka CVE-2009-0776: XML data theft via RDFXMLDataSource and 
cross-domain
       redirect
     * MFSA 2009-07 aka CVE-2009-0771,-0772,-0773,-0774: Crashes with evidence 
of memory
       corruption (rv:1.9.0.7)
     * MFSA 2009-01 aka CVE-2009-0352,CVE-2009-0353 Crashes with evidence of 
memory
       corruption (rv:1.9.0.6)
   * adjust patches to changed codebase
     - update debian/patches/ubuntu-mail-app-xre-name
   * take back Maintainer: field in debian/control
Checksums-Sha1: 
 69fcfcc253a2dffe2b81517fc9e26b3397dec694 1667 icedove_2.0.0.22-0lenny1.dsc
 69906157f63eb834f9448113935a54cdd7c57b5a 36965969 icedove_2.0.0.22.orig.tar.gz
 f9bc63c0ee4dbab50922ed8092bc8526623dad99 118782 
icedove_2.0.0.22-0lenny1.diff.gz
 22e74ac4f14d901c869042181b1f05253bb72732 10924508 
icedove_2.0.0.22-0lenny1_i386.deb
 67f5af976de89479df153d06edebdd69027a6dd1 54082 
icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
 8e2a91dde150f489cf561534d6384d0c87e337b0 56523330 
icedove-dbg_2.0.0.22-0lenny1_i386.deb
 13681c7f08d57e2e49e9be0d542ab16008bc57ed 3934604 
icedove-dev_2.0.0.22-0lenny1_i386.deb
Checksums-Sha256: 
 7c4f2f074137d6b79d0c32f398a1ed6772812033c1116ce4e7d0decdd63ae7db 1667 
icedove_2.0.0.22-0lenny1.dsc
 a7807bee77140c93ef335c726609eebb4f35eaec0fc316e309e959dfecf11fa1 36965969 
icedove_2.0.0.22.orig.tar.gz
 2dc63c4c7892c5f1e90f079897280ca1e13c2a5a104003f2b634cdfc6a7bc210 118782 
icedove_2.0.0.22-0lenny1.diff.gz
 2635be264a874a24a7ca4628c3029e52da93ae4c89147b1a0a561b30ae4b4cdb 10924508 
icedove_2.0.0.22-0lenny1_i386.deb
 d5972e137dec4483d5fd2dcca5b12005341a53919a2f75372b3800ed4c5dedb5 54082 
icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
 eb8a3dd3d254cad1d3b22c2f35e1b69972b1ab10245d8afdcba1d11f703b4c59 56523330 
icedove-dbg_2.0.0.22-0lenny1_i386.deb
 3da208aaf246deefab82be6b669e1de81cbdf1ede6471210e9205fdd5274dbd7 3934604 
icedove-dev_2.0.0.22-0lenny1_i386.deb
Files: 
 e373157340de8a93d36e6210afe2f345 1667 mail optional 
icedove_2.0.0.22-0lenny1.dsc
 8e0ffafaece0680a42c0cb11ff34c64a 36965969 mail optional 
icedove_2.0.0.22.orig.tar.gz
 0f1d8098818180a72820438adfa79436 118782 mail optional 
icedove_2.0.0.22-0lenny1.diff.gz
 b4cf9766cac84f9d21defc2ea4e1d1bc 10924508 mail optional 
icedove_2.0.0.22-0lenny1_i386.deb
 86ac55697cfc6abc6a719be26c5fcb48 54082 mail optional 
icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
 8f925c6cea9ec7e628e05a8079dd30ad 56523330 mail optional 
icedove-dbg_2.0.0.22-0lenny1_i386.deb
 336b57d8a95a52cffc2c07b5ed605c74 3934604 mail optional 
icedove-dev_2.0.0.22-0lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpTXrEACgkQ62zWxYk/rQeCaQCglQG2ElCm5Tva83h6Pb4nZkos
uA4An0TghngCcjEfzMK7qoZBB6/5N7yw
=ZJ34
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to