-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 18 Oct 2007 09:27:15 +0000 Source: icedove Binary: icedove-inspector icedove-dev thunderbird-dbg thunderbird-inspector icedove-typeaheadfind mozilla-thunderbird-typeaheadfind icedove-dbg thunderbird-gnome-support thunderbird-typeaheadfind icedove mozilla-thunderbird-inspector icedove-gnome-support thunderbird mozilla-thunderbird-dev thunderbird-dev mozilla-thunderbird Architecture: source amd64 all Version: 1.5.0.13+1.5.0.14b.dfsg1-0etch1 Distribution: stable-security Urgency: low Maintainer: Alexander Sack <asac@debian.org> Changed-By: Alexander Sack <asac@debian.org> Description: icedove - free/unbranded thunderbird mail client icedove-dbg - debugging symbols for icedove/thunderbird icedove-dev - development files for icedove/thunderbird icedove-gnome-support - GNOME support package for icedove/thunderbird icedove-inspector - DOM inspector extension for icedove/thunderbird icedove-typeaheadfind - typeaheadfind extension for icedove/thunderbird mozilla-thunderbird - Transition package for icedove rename mozilla-thunderbird-dev - Transition package for icedove-dev rename mozilla-thunderbird-inspector - Transition package for icedove-inspector rename mozilla-thunderbird-typeaheadfind - Transition package for icedove-typeaheadfind rename thunderbird - Transition package for icedove rename thunderbird-dbg - Transition package for icedove-dbg rename thunderbird-dev - Transition package for icedove-dev rename thunderbird-gnome-support - Transition package for icedove-gnome-support rename thunderbird-inspector - Transition package for icedove-inspector rename thunderbird-typeaheadfind - Transition package for icedove-typeaheadfind rename Changes: icedove (1.5.0.13+1.5.0.14b.dfsg1-0etch1) stable-security; urgency=low . [ Alexander Sack ] * security/stability update 1.5.0.13 + 1.5.0.14 (prepatch): - tarball used to produce this tarball: http://people.debian.org/~asac/mozilla-security/patches-ALL-1.8.0.14b.tar.gz Fixed in 1.5.0.13: - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of memory corruption (rv:1.8.0.13/1.8.1.5) - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox from Internet Explorer. - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded about:blank windows. - CVE-2007-3845 - MFSA 2007-27: Unescaped URIs passed to external programs. Fixed in 1.5.0.14b: - advisories not yet public/final - will be documented on next upload: CVE-2007-5339 (bulk memory corruption I), CVE-2007-5340 (bulk javascript memory corruption), CVE-2007-5338 (XPCNativeWrapper code execution). CVE-2007-5336 (mutation notify on text change), CVE-2007-5337 (sftp protocol), CVE-2007-2292 (browser digest request splitting), CVE-2007-4841 (windows only). Files: 5037f765746ad92c73e0e95ab4988272 1934 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.dsc 9cc1dca6142d6b1044e78026b53968c1 34229032 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1.orig.tar.gz 43c96d5fcdf34ebb5c069dc4378a965b 639834 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.diff.gz dfc903a949bba53bd63f40fdc184e8e3 12169764 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb 24993c2fe872d47802ffb85aa216c3c1 195718 mail optional icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb 4da21cca0d9fcb2194c0c87af58a0a47 52070 mail optional icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb 2195e5213a818c01569199922f943178 28684 mail optional thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb daeca534072d6b581b8dda7157944925 61152 mail optional icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb e76acc39db8446c406acca7887be7f43 3676870 mail optional icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb acef2a67aed70c9600d94b57863b77b7 51475050 mail optional icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb d0a07a5a35dda48ed3a521596ec3b620 28668 mail optional thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb 2090a750ed666d208905b82d684668d3 28654 mail optional thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb 7d12e5160a91e489bc481c5a05024776 28670 mail optional mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb 53bb2afe9384039094219bb14da3727a 28694 mail optional mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb eadcb03b9cf28fdad9e0555e83c697a6 28678 mail optional thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb 6df3bdfb10692d1057b64c49c8f93a5a 28698 mail optional mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb b0c1366f5a530674ec66b578db206bde 28696 mail optional thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb 96dc6c4e9629612f7f7fa5ba8276bb4e 28674 mail optional thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb b7f1a7e3ea1149a9767539be1c19acbb 28682 mail optional mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQIVAwUBRxc7dqBE/gcUDGZkAQL0zg/5ATXUto2rETExVLG57TwGXsiRzzucSxqI mN2/Qn1036etmL0w4JV/kltdnLQaqAn5kpTA9WGBxm3FRfIu4V2vW3Y7j0IKlfgp uPB/RLrC3P7GR2GMC+X9efjYiKgRy0UWykbQ6UK9CB+S4Bc8miytHCARBKkPtpE2 dJ8IPF4QNGFCk1J8xJMyDQSG5TQFQrA1MoIBWncx2IVR7MtT6zf5wbF787aZdNp0 8eCh3WKCa3c/fZJMZCN2f5AkqN204TjH+kGhiSx0HRbFalrwjbRfRyGP1h+upxyg capnp89O0YVg1W1eHZQlG8pUKwSCL1PBGdDN9KWMZNGyra1Vv88qTW7heOR5LpS/ uhWXM9IH8O/X+kEhz6Dj8TaVc2A/YMv//cyNm4jdWNOWWAmN79vjC8Jv4jf6ogrz 5Y7feni/bVfLulPUKEFK7hZRsJb2WsygxGa1d8PnYQlRU/kSTY/rG1ID5pZWA2bJ HUYuj+Zu1j16DvSlQw79yAZHppqpICQjQ+21qH/8MP4f3DVT6SJ4XAVwo9rhfWOL y2sq5uSbtoOT9W2/bzcMZSUuSPD3gXLTQg520v95MxQrVjs39TW8ffhmhM5f8sr1 zjeTmKU1WhRdzCwnpfNU1CfelAHRWDro9USzvDk4sktFOUrPLlx64Bf6hzMWdXC8 ws7IyNtR3fE= =choG -----END PGP SIGNATURE----- Accepted: icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb to pool/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb to pool/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb to pool/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb to pool/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb to pool/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.diff.gz to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.diff.gz icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.dsc to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.dsc icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb icedove_1.5.0.13+1.5.0.14b.dfsg1.orig.tar.gz to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1.orig.tar.gz mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb to pool/main/i/icedove/thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb