-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 14 Feb 2008 19:43:38 +0100 Source: iceape Binary: mozilla iceape-browser mozilla-calendar mozilla-js-debugger iceape iceape-calendar iceape-dom-inspector mozilla-psm mozilla-chatzilla mozilla-mailnews iceape-dbg iceape-gnome-support mozilla-dom-inspector iceape-dev iceape-chatzilla mozilla-browser iceape-mailnews mozilla-dev Architecture: source all amd64 Version: 1.0.12~pre080131b-0etch1 Distribution: stable-security Urgency: critical Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org> Changed-By: Mike Hommey <mh@glandium.org> Description: iceape - The Iceape Internet Suite iceape-browser - Iceape Navigator (Internet browser) and Composer iceape-calendar - Iceape Calendar iceape-chatzilla - Iceape Chatzilla IRC client iceape-dbg - Debugging symbols for the Iceape Internet Suite iceape-dev - Development files for the Iceape Internet Suite iceape-dom-inspector - DOM inspector for the Iceape Internet Suite iceape-gnome-support - Gnome support for the Iceape Internet Suite iceape-mailnews - Iceape Mail & Newsgroups and Address Book mozilla - Transition package for the Iceape Internet Suite mozilla-browser - Transition package for Iceape Navigator and Composer mozilla-calendar - Transition package for Iceape Calendar mozilla-chatzilla - Transition package for Iceape Chatzilla IRC client mozilla-dev - Transition package for development file for the Iceape Internet S mozilla-dom-inspector - Transition package for the DOM Inspector for the Iceape Internet mozilla-js-debugger - Transition package for venkman mozilla-mailnews - Transition package for Iceape Mail & Newsgroups and Address Book mozilla-psm - Transition package for Iceape Navigator Changes: iceape (1.0.12~pre080131b-0etch1) stable-security; urgency=critical . * New security/stability upstream release (backports for v2.0.0.12) * MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption v1.8.1.12 (Browser crashes) * MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption v1.8.1.12 (javascript crashes) * MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke blocking bugs * MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code Execution (JavaScript privilege escalation bugs) * MFSA 2008-04 aka CVE-2008-0417: Stored password corruption * MFSA 2008-05 aka CVE-2008-0418: Directory traversal via chrome: URI * MFSA 2008-06 aka CVE-2008-0419: Web browsing history and forward navigation stealing * MFSA 2008-08 aka CVE-2008-0591: File action dialog tampering * MFSA 2008-09 aka CVE-2008-0592: Mishandling of locally-saved plain text files * MFSA 2008-10 aka CVE-2008-0593: URL token stealing via stylesheet redirect * MFSA 2008-11 aka CVE-2008-0594: Web forgery overwrite with div overlay Files: eaee68845cb7d4660609f6c47ac01666 1439 net optional iceape_1.0.12~pre080131b-0etch1.dsc fb6e3c3d3bc4a94773c1b4921fdb42d6 269895 net optional iceape_1.0.12~pre080131b-0etch1.diff.gz 20c852fc8104981654bd6227a0602375 28614 web optional iceape_1.0.12~pre080131b-0etch1_all.deb df30ff32e825d5ceb1630025a7d0ef88 3927248 devel optional iceape-dev_1.0.12~pre080131b-0etch1_all.deb 1e8faf69c0bbf186f1a6c1d199646ce6 281870 net optional iceape-chatzilla_1.0.12~pre080131b-0etch1_all.deb 91bbb99fad75c41e2df1170749014288 27208 web optional mozilla_1.8+1.0.12~pre080131b-0etch1_all.deb 4997ba36f2c9aacf25eb9c41bf104d6f 28186 web optional mozilla-browser_1.8+1.0.12~pre080131b-0etch1_all.deb ad7233b5d98e1557cdc190d9cf6746df 27348 devel optional mozilla-dev_1.8+1.0.12~pre080131b-0etch1_all.deb 8ae02d5d250866771250e19e5bb967bb 27236 mail optional mozilla-mailnews_1.8+1.0.12~pre080131b-0etch1_all.deb 97c0a7e4b71cc083c711086dd160322a 27232 net optional mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch1_all.deb 6035bbc507f4fc30a0564aa18c5a3a98 27220 web optional mozilla-psm_1.8+1.0.12~pre080131b-0etch1_all.deb 2b1e9711c1e80b9651b88e3dc19d4b76 27248 web optional mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch1_all.deb 51f7e38462c1f39e0c662e4b58eca43a 27244 devel optional mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch1_all.deb 0233d457074aa58542b8662c2a54c48a 27210 misc optional mozilla-calendar_1.8+1.0.12~pre080131b-0etch1_all.deb 2fc3db14be5dd03b082497ab6f9ffc36 11687282 web optional iceape-browser_1.0.12~pre080131b-0etch1_amd64.deb 8789d8dd06e30ce580ab37e94ec1d44b 53366 web optional iceape-gnome-support_1.0.12~pre080131b-0etch1_amd64.deb 146775d1bd21250e027006f9dbf90d6f 59608524 devel extra iceape-dbg_1.0.12~pre080131b-0etch1_amd64.deb 99aef23fe234563ce99f3d8ce89b02d2 2099654 mail optional iceape-mailnews_1.0.12~pre080131b-0etch1_amd64.deb 6cb81b62325770fd1e2590908d0afda7 613832 misc optional iceape-calendar_1.0.12~pre080131b-0etch1_amd64.deb 2ccb3800e4edcd8510d707a9ac4a5d7e 195048 web optional iceape-dom-inspector_1.0.12~pre080131b-0etch1_amd64.deb 39071cd311888d73254336b782109776 43535826 net optional iceape_1.0.12~pre080131b.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHvK9PXm3vHE4uyloRAsY2AJ9gvaHODXEFc1By+x7uuStA079naQCguV7d QeEPl8SzsQGVdlRH+CaBxjc= =YbJQ -----END PGP SIGNATURE----- Accepted: iceape-browser_1.0.12~pre080131b-0etch1_amd64.deb to pool/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_amd64.deb iceape-calendar_1.0.12~pre080131b-0etch1_amd64.deb to pool/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_amd64.deb iceape-chatzilla_1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/iceape-chatzilla_1.0.12~pre080131b-0etch1_all.deb iceape-dbg_1.0.12~pre080131b-0etch1_amd64.deb to pool/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_amd64.deb iceape-dev_1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/iceape-dev_1.0.12~pre080131b-0etch1_all.deb iceape-dom-inspector_1.0.12~pre080131b-0etch1_amd64.deb to pool/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_amd64.deb iceape-gnome-support_1.0.12~pre080131b-0etch1_amd64.deb to pool/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_amd64.deb iceape-mailnews_1.0.12~pre080131b-0etch1_amd64.deb to pool/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_amd64.deb iceape_1.0.12~pre080131b-0etch1.diff.gz to pool/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.diff.gz iceape_1.0.12~pre080131b-0etch1.dsc to pool/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.dsc iceape_1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/iceape_1.0.12~pre080131b-0etch1_all.deb iceape_1.0.12~pre080131b.orig.tar.gz to pool/main/i/iceape/iceape_1.0.12~pre080131b.orig.tar.gz mozilla-browser_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-browser_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-calendar_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-calendar_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-dev_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-dev_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-mailnews_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-mailnews_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla-psm_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla-psm_1.8+1.0.12~pre080131b-0etch1_all.deb mozilla_1.8+1.0.12~pre080131b-0etch1_all.deb to pool/main/i/iceape/mozilla_1.8+1.0.12~pre080131b-0etch1_all.deb