-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 19 Oct 2007 21:05:15 +0200 Source: icedove Binary: icedove-inspector icedove-dev thunderbird-dbg thunderbird-inspector icedove-typeaheadfind mozilla-thunderbird-typeaheadfind icedove-dbg thunderbird-gnome-support thunderbird-typeaheadfind icedove mozilla-thunderbird-inspector icedove-gnome-support thunderbird mozilla-thunderbird-dev thunderbird-dev mozilla-thunderbird Architecture: source i386 all Version: 1.5.0.13+1.5.0.14b.dfsg1-0lenny1 Distribution: testing-security Urgency: low Maintainer: Alexander Sack <asac@debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: icedove - free/unbranded thunderbird mail client icedove-dbg - debugging symbols for icedove/thunderbird icedove-dev - development files for icedove/thunderbird icedove-gnome-support - GNOME support package for icedove/thunderbird icedove-inspector - DOM inspector extension for icedove/thunderbird icedove-typeaheadfind - typeaheadfind extension for icedove/thunderbird mozilla-thunderbird - Transition package for icedove rename mozilla-thunderbird-dev - Transition package for icedove-dev rename mozilla-thunderbird-inspector - Transition package for icedove-inspector rename mozilla-thunderbird-typeaheadfind - Transition package for icedove-typeaheadfind rename thunderbird - Transition package for icedove rename thunderbird-dbg - Transition package for icedove-dbg rename thunderbird-dev - Transition package for icedove-dev rename thunderbird-gnome-support - Transition package for icedove-gnome-support rename thunderbird-inspector - Transition package for icedove-inspector rename thunderbird-typeaheadfind - Transition package for icedove-typeaheadfind rename Changes: icedove (1.5.0.13+1.5.0.14b.dfsg1-0lenny1) testing-security; urgency=low . [ Alexander Sack ] * security/stability update 1.5.0.13 + 1.5.0.14 (prepatch): - tarball used to produce this tarball: http://people.debian.org/~asac/mozilla-security/patches-ALL-1.8.0.14b.tar.gz Fixed in 1.5.0.13: - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of memory corruption (rv:1.8.0.13/1.8.1.5) - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox from Internet Explorer. - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded about:blank windows. - CVE-2007-3845 - MFSA 2007-27: Unescaped URIs passed to external programs. Fixed in 1.5.0.14b: - advisories not yet public/final - will be documented on next upload: CVE-2007-5339 (bulk memory corruption I), CVE-2007-5340 (bulk javascript memory corruption), CVE-2007-5338 (XPCNativeWrapper code execution). CVE-2007-5336 (mutation notify on text change), CVE-2007-5337 (sftp protocol), CVE-2007-2292 (browser digest request splitting), CVE-2007-4841 (windows only). . [ Stefan Fritsch ] * Upload to testing-security Files: 84448267443e94de8c2bca0cb9331921 1298 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1.dsc 092b7b811688851549f178e93b335146 640636 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1.diff.gz 8cefd5a0d45b6a568008f61ce1890575 10781436 mail optional icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb 4c64924fb913be3b5e5173c3beaf3abc 190422 mail optional icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb 43c5051d012fea279501cba041ef4a89 46950 mail optional icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb 8be379e8f4d08a26204b7d9840f68f59 28742 mail optional thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb 7651a36ecbcff55044c0d15d2f75ce6a 57290 mail optional icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb abb5201c49b3723f199a12c2b4e3d594 3921538 mail optional icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb e2c2889eeb6f10fbb5dd89fcd8dd901f 81162980 mail optional icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb 55a253d2d03794be7d870eb8bd0edad7 28720 mail optional thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb bb9996821a8ef3a8fe97a517713be23a 28708 mail optional thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb f7b8594b9b64a6e4f7c226f0e9d8796c 28726 mail optional mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb c103e5be4c22e495d4e0574edd3983b2 28748 mail optional mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb f93e76f14e88c2335fc6599dd43bc73f 28730 mail optional thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb 266883c0cc73501e3f9064f4471b7637 28750 mail optional mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb 2ed302e3ca9e43922689d728b3f24035 28748 mail optional thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb 46b9aecafe3304942c03b7ae62ad3109 28726 mail optional thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb f05de30af14c3c0be2b93e6d0f2be839 28736 mail optional mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHGa6lbxelr8HyTqQRAnGvAJ48wXTNsU1Uts6tPxfyCB6Qpu1IIwCgxHMa Lq4o+QOTkurG8qiHw6PKsNw= =jFrX -----END PGP SIGNATURE----- Accepted: icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb to pool/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb to pool/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb to pool/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb to pool/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb to pool/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1.diff.gz to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1.diff.gz icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1.dsc to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1.dsc icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_i386.deb mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb to pool/main/i/icedove/thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0lenny1_all.deb