Hosting Provided By

[SECURITY] [DSA 1346-1] New iceape packages fix several vulnerabilities

From: Moritz Muehlenhoff <jmm(at)debian.org>
Date: Sat Aug 04 2007 - 07:54:19 EDT

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

-------------------------------------------------------------------------- Debian Security Advisory DSA 1346-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 4th, 2007 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3844 CVE-2007-3845

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3844 "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites.

CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

The Mozilla products in the oldstable distribution (sarge) are no longer supported with with security updates.

For the stable distribution (etch) these problems have been fixed in version 1.0.10~pre070720-0etch3.

For the unstable distribution (sid) these problems have been fixed in version 1.1.3-2.

We recommend that you upgrade your iceape packages.

Do you need help?

Upgrade Instructions

- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

- -------------------------------

Source archives:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3.dsc
      Size/MD5 checksum:     1436 66da445dd4b97ad09509205d9c95cb91
    
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3.diff.gz
      Size/MD5 checksum:   270276 c15adacbf5473e5088c4f86c24723f90
    
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
      Size/MD5 checksum: 43473332 245a8a7774ff47ef91177724130f8ea4

Do you need more help?

Architecture independent components:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:   278862 e4bc75a794055347e6d783753ce15686
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:  3660096 6368fe33d6695c463723a0d779dbbf68
    
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    27976 eb5c9c2fe5656ad05dbf1bbe61fd1400
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    27512 0270d732726aa2fbc42636df4f53fe82
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26582 1ba43b858739aadc4a72caff8ad6a352
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26598 79cf169ca98208457d7836987ec6ff2a
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26710 8c8d9a876c911ee6c13a7584adb17f70
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26624 e9fed3b1ba4a5599a94766870558a491
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26614 d935253d3d6d08e97f417f4920fc79df
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26598 285a27b44dd417d238495bb93da923a6
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26586 c29d3a05295a95d6aefba315d988f120
    
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26570 9be19c8b022e56b5c5c1fbafba3f61a9

Alpha architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum: 12871490 29796a3ab6f29f7d2a31bc211d1a3b38
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   625596 ce4437c9fbabfa7f4fe553626524d481
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum: 60581292 0b0789d0cbee8e46fd78d3e01b84674b
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   197156 632847a3944ebbffee5bae33ad7f48f9
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:    53392 0a98fe620b0b49eafd4055926741afa5
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:  2282124 74d9e8b8fc063d9a2c0c1bea1d4daac9
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.debian.org Links
debian-announce
debian-apache
debian-arm-changes
debian-beowulf
debian-boot
debian-cd
debian-cd-vendors
debian-changes
debian-changes-digest
debian-isp
debian-kde
debian-laptop
debian-mirrors-announce
debian-news
debian-security
debian-security-announce
debian-testing
debian-user
debian-user-digest
Request more information about Pantek

AMD64 architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum: 11649922 598b82ffb6bf8efd8fa831bedbb9ff6b
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   608826 10ecf3acf60df3afd0aab632d2da18f8
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum: 59572054 8bcb5249b318a29f3d893e76f8562e3c
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   194242 8d266d5d6efcf0ee4ce55a01d1849327
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:    52854 4548aa9e07c47ba2e0cea1983aed22cb
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:  2090946 2b4b2ce133068921c92ea527341af22d

ARM architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum: 10388778 91db8be09bc2644647994501dd4e9f94
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   582276 f5084bb84bcee566ca6cdc3031f0115b
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum: 58736630 7be68d5adf5869815fe126b32aa2780d
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   188318 ecb4535d6a70879e5cf3b40e91c3feba
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:    47546 2245934b83783b9ce219ede8d24e8685
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:  1907286 b3c092e8321386b382d40ced0a9656ee

Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum: 10458656 39010ec6c30a9de7839047382f1b410e
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   588168 afd7de7e03cf0c48fa7f3e5452775d09
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum: 58650042 adb7d80b3b9953647cb220cfe80e8628
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   188950 3c30bf530070b2a8c676a2be126a89b4
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:    47928 48e2e91f605b7acc76cae0f6ec3b64e0
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:  1889960 12b3fee32c72f4d820fb3bb69bbfafa3

Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum: 15768358 87221c7a15933a1d33d6aaec573edecd
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   661030 2c2838943b8eb3ecc818e7031f372c25
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum: 59850658 53354ad4f8c5abc614e724907259e324
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   203906 b9d1918e0bfb6d8122e12ce94892e0de
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:    61424 833205aabbf5d43d7aa37be16191e7db
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:  2815984 cd1d559271c3be01cf992b54781f475f

Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum: 10896410 48d9112257bfe46d49873d48e9a978d9
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.debian.org Links
debian-announce
debian-apache
debian-arm-changes
debian-beowulf
debian-boot
debian-cd
debian-cd-vendors
debian-changes
debian-changes-digest
debian-isp
debian-kde
debian-laptop
debian-mirrors-announce
debian-news
debian-security
debian-security-announce
debian-testing
debian-user
debian-user-digest
Request more information about Pantek
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   595110 8befb8dde48b2c26ef35a24e5941c6ea
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum: 59789352 2ba792d018a5d4aa018d2f8cb4ec1701
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   190420 cf969199ea40531e7e1f78c2623474cf
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:    49222 2721ccffcbc295cd4833fea0ffffb110
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:  1940716 a68d1d02af83dc2ec221c29b34733411

PowerPC architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum: 11296084 21422a619f4c19e27c3a83fcd05df7e8
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   595570 7a54ea060357043d238b7f6f0f2950ac
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum: 61574438 2758cdb970409d44f9679f15f377559c
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   191292 e32d670d121005099e31bdb600fd823b
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:    48856 c9a3281ab7d456a0fccd756a3f41ea7f
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:  2005666 cfec107045392dbadffc0694735ec670

Don't know where to look next?

IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum: 12271986 f3449eea99beebf302ef531e319e0d9d
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   610992 1fb0e07075f063c74b7697007b99dbb7
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum: 60330846 5853467308184dd3b4bc4f57d0d7b96f
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   196098 634f4353e389c2b0bc322981f0be9f3c
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:    53438 a1cca7e4b89cdd2869480b7ad5426848
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:  2184940 66189e26fe37accc875c5464f186f340

Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum: 10642440 711f992794dbce40c041b6523d25efc8
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   584580 b051c601a46ab372fb55010664604631
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum: 58473150 b88be50b4d70ffdd13b6bc3b7a4cb211
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   188878 b35ef540f8c377f8d00c391dddea72cb
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:    47512 23735ff78cb04ce1da6b8be26df047dc
    
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:  1894918 c145962558e653604fe6024d6d86eb9b

These files will probably be moved into the stable distribution on its next update.

--------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGtGiqXm3vHE4uyloRAqZlAJ9iFieUQEfpSvFsf3hr0YvI/CTUVQCfVftq yEy98P8qlJkoLsNR7M8plRw=
=fmyS
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Confused? Frustrated? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.debian.org Links
debian-announce
debian-apache
debian-arm-changes
debian-beowulf
debian-boot
debian-cd
debian-cd-vendors
debian-changes
debian-changes-digest
debian-isp
debian-kde
debian-laptop
debian-mirrors-announce
debian-news
debian-security
debian-security-announce
debian-testing
debian-user
debian-user-digest
Request more information about Pantek

Received on Sat Aug 4 08:42:08 2007

This message: [ Message body ]
Next message: Moritz Muehlenhoff: "[SECURITY] [DSA 1347-1] New xpdf packages fix arbitrary code execution"
Previous message: Moritz Muehlenhoff: "[SECURITY] [DSA 1345-1] New xulrunner packages fix several vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:06:12 EDT