Bug#535124: marked as done (2.0.22 fixes several security issues)

Your message dated Wed, 01 Jul 2009 13:02:24 +0000
with message-id <E1MLzSC-0002Zi-I9@xxxxxxxxxxxxxxx>
and subject line Bug#535124: fixed in icedove 2.0.0.22-1
has caused the Debian Bug report #535124,
regarding 2.0.22 fixes several security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@xxxxxxxxxxxxxxx
immediately.)


-- 
535124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535124
Debian Bug Tracking System
Contact owner@xxxxxxxxxxxxxxx with problems

--- Begin Message ---

Subject:	2.0.22 fixes several security issues

Package: icedove
Severity: grave
Tags: security

Hi,
according to

http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.22

2.0.20, 2.0.21 and 2.0.22 fix several security issues in thunderbird.
Lenny ships 2.0.19 so it looks vulnerable.
Cheers,
-- Guido



--- End Message ---

--- Begin Message ---

Subject:	Bug#535124: fixed in icedove 2.0.0.22-1

Source: icedove
Source-Version: 2.0.0.22-1

We believe that the bug you reported is fixed in the latest version of
icedove, which is due to be installed in the Debian FTP archive:

icedove-dbg_2.0.0.22-1_amd64.deb
to pool/main/i/icedove/icedove-dbg_2.0.0.22-1_amd64.deb
icedove-dev_2.0.0.22-1_amd64.deb
to pool/main/i/icedove/icedove-dev_2.0.0.22-1_amd64.deb
icedove-gnome-support_2.0.0.22-1_amd64.deb
to pool/main/i/icedove/icedove-gnome-support_2.0.0.22-1_amd64.deb
icedove_2.0.0.22-1.diff.gz
to pool/main/i/icedove/icedove_2.0.0.22-1.diff.gz
icedove_2.0.0.22-1.dsc
to pool/main/i/icedove/icedove_2.0.0.22-1.dsc
icedove_2.0.0.22-1_amd64.deb
to pool/main/i/icedove/icedove_2.0.0.22-1_amd64.deb
icedove_2.0.0.22.orig.tar.gz
to pool/main/i/icedove/icedove_2.0.0.22.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 535124@xxxxxxxxxxxxxxx,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <asac@xxxxxxxxxx> (supplier of updated icedove package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@xxxxxxxxxx)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 01 Jul 2009 12:18:03 +0200
Source: icedove
Binary: icedove icedove-gnome-support icedove-dbg icedove-dev
Architecture: source amd64
Version: 2.0.0.22-1
Distribution: unstable
Urgency: low
Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam@xxxxxxxxxxxxxxxx>
Changed-By: Alexander Sack <asac@xxxxxxxxxx>
Description:
icedove - free/unbranded thunderbird mail/news/rss clone
icedove-dbg - Debug Symbols for Icedove
icedove-dev - Development files for Icedove
icedove-gnome-support - Support for Gnome in Icedove
Closes: 535124
Changes:
icedove (2.0.0.22-1) unstable; urgency=low
.
* New upstream security/stability update (v2.0.0.21/v2.0.0.22) (Closes:
535124)
* MFSA 2009-33: Crash viewing multipart/alternative message with
text/enhanced part
* MFSA 2009-32 aka CVE-2009-1841: JavaScript chrome privilege escalation
* MFSA 2009-29 aka CVE-2009-1838: Arbitrary code execution using event
listeners
attached to an element whose owner document is null
* MFSA 2009-27 aka CVE-2009-1836: SSL tampering via non-200 responses to
proxy
CONNECT requests
* MFSA 2009-24 aka CVE-2009-1832+CVE-2009-1831: Crashes with evidence of
memory
corruption (rv:1.9.0.11)
* MFSA 2009-17 aka CVE-2009-1307: Same-origin violations when Adobe Flash
loaded
via view-source: scheme
* MFSA 2009-14 aka CVE-2009-1303+CVE-2009-1302: Crashes with evidence of
memory
corruption (rv:1.9.0.9)
* MFSA 2009-15 aka CVE-2009-0652: URL spoofing with box drawing character
* MFSA 2009-10 aka CVE-2009-0040: Upgrade PNG library to fix memory safety
hazards
* MFSA 2009-09 aka CVE-2009-0776: XML data theft via RDFXMLDataSource and
cross-domain
redirect
* MFSA 2009-07 aka CVE-2009-0771,-0772,-0773,-0774: Crashes with evidence
of memory
corruption (rv:1.9.0.7)
* MFSA 2009-01 aka CVE-2009-0352,CVE-2009-0353 Crashes with evidence of
memory
corruption (rv:1.9.0.6)
* adjust patches to changed codebase
- update debian/patches/ubuntu-mail-app-xre-name
Checksums-Sha1:
398da416eacbf016c236537c68b70fe7760836c7 2340 icedove_2.0.0.22-1.dsc
69906157f63eb834f9448113935a54cdd7c57b5a 36965969 icedove_2.0.0.22.orig.tar.gz
01929d25780e89ff7be061780139c4e65a5086da 119647 icedove_2.0.0.22-1.diff.gz
3c369a22c26902aef61966ee11165784e50193ba 12322482 icedove_2.0.0.22-1_amd64.deb
22e4f0f550be6bdeeedd7bfe7ed7b7b0371c1586 58586
icedove-gnome-support_2.0.0.22-1_amd64.deb
2043893fc1e3aafb8e7f48da3abc6549bb01df55 57821440
icedove-dbg_2.0.0.22-1_amd64.deb
61ac3071f4a3ec9b963c47701e05362e72e8f5c8 3918212
icedove-dev_2.0.0.22-1_amd64.deb
Checksums-Sha256:
0bc9971e58a439c63bea62bf1a3a51ae58f6ef83d50500a030ef36559f683d0c 2340
icedove_2.0.0.22-1.dsc
a7807bee77140c93ef335c726609eebb4f35eaec0fc316e309e959dfecf11fa1 36965969
icedove_2.0.0.22.orig.tar.gz
6534ec6afad82c254951542818157a9ddb0ec6bbec4cc4f772f21106d24b38ee 119647
icedove_2.0.0.22-1.diff.gz
d3cf7639c660655add32b0f120a1c5bf9724730eb7e19bb4a4b7abca1f81c222 12322482
icedove_2.0.0.22-1_amd64.deb
c265a06a449b3126f1c05a75a5d2f16acff1a5f2a6de71774a29d6d76a91f0d0 58586
icedove-gnome-support_2.0.0.22-1_amd64.deb
67506d771998b1872803bc4c76376b68918aacacfd27246f6d9052080bed936e 57821440
icedove-dbg_2.0.0.22-1_amd64.deb
a234e0af1c812ff7d896479956c76a5a27d8df91beb9cf2f1ebd3f2a19bee07f 3918212
icedove-dev_2.0.0.22-1_amd64.deb
Files:
cc10cb12e7c174d4c8a5c87698fcc78d 2340 mail optional icedove_2.0.0.22-1.dsc
8e0ffafaece0680a42c0cb11ff34c64a 36965969 mail optional
icedove_2.0.0.22.orig.tar.gz
d37562ffa218b4cf1730a27fddd9857d 119647 mail optional
icedove_2.0.0.22-1.diff.gz
b36503cfc9345d9fea402c8b6f21e7df 12322482 mail optional
icedove_2.0.0.22-1_amd64.deb
69d09de772a749cf287f43b38a4762a0 58586 mail optional
icedove-gnome-support_2.0.0.22-1_amd64.deb
443811e9f4a8a010773660dccaf8bf9a 57821440 mail optional
icedove-dbg_2.0.0.22-1_amd64.deb
2db8c1314bf950d4cb347b4a28f775d3 3918212 mail optional
icedove-dev_2.0.0.22-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBAgAGBQJKS1XdAAoJEKBE/gcUDGZkSrQP+gKpjWHUpJylsqKEeI89TaoA
mkJqHhL6J74A8dzfrKBbewAlaUdHLfxo5LzHrMytP+ef7+68evtLROKjZFi2cwLT
Tj+d4jU5OnqYO5bsi3DkfXJ8PkE/tLujgBsuB0TOyrzV1DO+Sn1rccR2AQQoCYBy
76VtmFa4SGEgMylzZPvDFTN/a1y0iFncLWBMq3bdmvXaj72eaASdeg2yKT2VMWet
hl8SagLSHcUDJNMWFUqXyNE69uxxmce4WcnaGGNv5mJwbw2GwD4WNUYisZXYJzt/
4Vl7KFE9dGmzFLlNouR8BOSgJgDI/QQYSSplxnT2je6HAZ+75Mm5wKLviXoSYQbc
upXKkQ5/12Nka9+1cdG0s7Vyvv6wadTmzU9fzip8BI26HHRS1SSH6+OvB7Ul24gh
3s/GNtPEqOQ/Q4gSv4FH5O9wE0maCcdlAD0/CU75CCD5LoBq+a2Pje5oByPsP/Fi
D/553YmY6hUXe3vgRE8VKCR9QPSwVI8yo/ywmJMOpYPrz37z2TpmqIauuSd5aPPl
1OupF0ePsUVFvJtE8cFW95tBfRGQb+SFAB89bkmOrSfeNBOajK92qAg4bKj+T/f+
PJUJZhMrUxc4H1wGPOtoSPSnDFOQZY4xjUiUImIpJELhfHhqoAOVZ9c5ajZrIpvK
3y0nWAoxJxtcUlLgF7UD
=e51i
-----END PGP SIGNATURE-----



--- End Message ---

-- 
Ubuntu-mozillateam mailing list
Ubuntu-mozillateam@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-mozillateam