Debian: New icedove packages fix regression

    Date17 Mar 2008
    CategoryDebian
    2283
    Posted ByLinuxSecurity Advisories
    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1485-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    March 17, 2008                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : icedove
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594
    
    A regression has been fixed in icedove's frame handling code. For
    reference you can find the original update below:
    
    Several remote vulnerabilities have been discovered in the Icedove mail
    client, an unbranded version of the Thunderbird client. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2008-0412
    
        Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
        Nickerson discovered crashes in the layout engine, which might allow
        the execution of arbitrary code.
    
    CVE-2008-0413
    
        Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
        Philip Taylor and "tgirmann" discovered crashes in the Javascript
        engine, which might allow the execution of arbitrary code.
    
    CVE-2008-0415
    
        "moz_bug_r_a4" and Boris Zbarsky discovered discovered several
        vulnerabilities in Javascript handling, which could allow
        privilege escalation.
    
    CVE-2008-0418
    
        Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
        traversal vulnerability in chrome: URI handling could lead to
        information disclosure.
    
    CVE-2008-0419
    
        David Bloom discovered a race condition in the image handling of
        designMode elements, which can lead to information disclosure or
        potentially the execution of arbitrary code.
    
    CVE-2008-0591
    
        Michal Zalewski discovered that timers protecting security-sensitive
        dialogs (which disable dialog elements until a timeout is reached)
        could be bypassed by window focus changes through Javascript.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.5.0.13+1.5.0.15b.dfsg1-0etch2.
    
    The Mozilla products in the old stable distribution (sarge) are no
    longer supported with security updates.
    
    We recommend that you upgrade your icedove packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2.diff.gz
        Size/MD5 checksum:   641080 8da0c046148daa841941f8fdf7d3a468
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1.orig.tar.gz
        Size/MD5 checksum: 35174191 b1a02873d5e320b1a208dbffc256baee
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2.dsc
        Size/MD5 checksum:     1934 ad83c84fbfa37e05030f04ab2beea2f0
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29162 6aba3762846d6cc855b59449938897a1
      http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29154 02b82cfbeda2ea8ada9a0646fc5c0691
      http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29142 cd038ed9a2e5a6b40da1f18a5a2debc0
      http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29162 283d27da1071b1039ab81c9aa2dcd11d
      http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29138 93dd70cced9714a43b34624bc2695571
      http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29150 397ae77f472a060749d09ffbcd6299f6
      http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29162 1fa418c580e8c82435f91ecd4bf41090
      http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29136 b2ffd7bea2f595a1f6fdc96af8e0be87
      http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29148 a3a86d0d519201557f17e58d54db82fc
      http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
        Size/MD5 checksum:    29120 f318f2f878e868a74b1ead42db02fbff
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
        Size/MD5 checksum:  3959884 710d3d698bf1179e55104abed949a6be
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
        Size/MD5 checksum:    64920 a3e95ad0027ccfc73fc8fb63e52e7484
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
        Size/MD5 checksum:    52788 a74420d45ab8a7ad2c435b2b54625570
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
        Size/MD5 checksum: 13477550 8249b008b7de20fca03a4cead73e025d
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
        Size/MD5 checksum:   201140 76410d580565d0e3877f34b88d68f977
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
        Size/MD5 checksum: 52398862 626fc104e22aa5e728495fc143c9b604
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
        Size/MD5 checksum: 51479922 fe1cc4dcd664e5c70d8c3394df0d61b0
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
        Size/MD5 checksum: 12176406 b64a56a7f9e06df18f61f00918b62946
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
        Size/MD5 checksum:   196168 e1b6a9ce58c58b8f14bc03cd41337e12
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
        Size/MD5 checksum:  3678408 ef8c2f54f89929428b6f3df2b7c17089
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
        Size/MD5 checksum:    52564 2a6ab2241730acdf6c3005259ef84098
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
        Size/MD5 checksum:    61606 b748a3852ed2568670430065a6bcf5e2
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
        Size/MD5 checksum:   190242 f01dc34e5354e61cb9b284513983e027
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
        Size/MD5 checksum:    47528 a8e89efce73f53de6675ea0bc29493dd
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
        Size/MD5 checksum: 10890322 f1c712ab506e05dbfcf6ed15e40ab267
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
        Size/MD5 checksum:  3921368 835fe66a9f284867ae50813ee52ea5b7
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
        Size/MD5 checksum:    59264 d116e875887ef623ea57b88b28b6ddf0
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
        Size/MD5 checksum: 50840090 24a227e1250d063269c58c271ebca291
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
        Size/MD5 checksum: 50740666 9b69293b1cbe427ed43818c1d2e18cc2
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
        Size/MD5 checksum:    48564 34c53bb12a93738db67d7769b67f2044
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
        Size/MD5 checksum:   191210 13114249b05826f62ba589e2eeac2d2a
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
        Size/MD5 checksum:    58590 6e1bec505bc3795924c9c6f4c63570e9
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
        Size/MD5 checksum: 10908406 aa36c6587227a61eb2cf9b5440671351
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
        Size/MD5 checksum:  3675024 95eed699227d9fbd5780c3d135a7d7d6
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
        Size/MD5 checksum:    74640 c91145f299a8a2a1eb7046ea2aca52c6
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
        Size/MD5 checksum:  3727470 a792a88b248cb0a337ce5ca83b588422
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
        Size/MD5 checksum:   205256 6bcb0b58261a71e6e092d3b0058d4e7a
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
        Size/MD5 checksum:    59970 1c67ec1fc7b615abd19c1389582baf1f
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
        Size/MD5 checksum: 16555888 c50b8f8a39cc52c9c6ccd43bfd16e014
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
        Size/MD5 checksum: 51781970 bb9ee0dcf256a786651f84adf2358a0a
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
        Size/MD5 checksum:  3947082 60d9ea6886588e9b41139780a903d69c
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
        Size/MD5 checksum:    48240 e5734152adc186470325e182d4b34f70
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
        Size/MD5 checksum: 11605920 2e0319113e5009c052cacc7d0307e813
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
        Size/MD5 checksum: 53114874 f2f4750010657a7adcf2911c57608309
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
        Size/MD5 checksum:    58754 6792b308b73e2150584ef6890a208552
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
        Size/MD5 checksum:   192942 88e0819fe73b595444f3dbd3a59232db
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
        Size/MD5 checksum:  3682858 c932cc8a6829ca16e1f395b8e55fbebe
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
        Size/MD5 checksum: 51683616 b2813b38b94d3715df3fb42bf7c1dad9
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
        Size/MD5 checksum:    59210 5077fb067f758e5b9c5dfcf930cbfae2
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
        Size/MD5 checksum:    49522 e9ed5680a1d5ebc8afbb30d722ee6468
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
        Size/MD5 checksum: 11360126 2078cd56ce9db6fb6245b1a9ee276482
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
        Size/MD5 checksum:   192540 fdac9d9b390940dead89c96b3a730432
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
        Size/MD5 checksum:  3677952 a858d6b19632c1a9ae9914bc9a5adc5b
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
        Size/MD5 checksum: 53293566 63c20de9258639ff550589c12af40f8b
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
        Size/MD5 checksum:    60974 9f9e242dfbfbe84cde06b7b661fe0728
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
        Size/MD5 checksum: 11805570 d15eac8917db32cb04a8eac9d73a9c17
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
        Size/MD5 checksum:   193224 38fd2de7e4b8df743acb2217e54f8b04
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
        Size/MD5 checksum:    50124 61db63cfe9242e8379579bc3fcc32e88
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
        Size/MD5 checksum:    62754 19a0e3377467c5a1e5fd53a5cd5070d4
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
        Size/MD5 checksum:  3681554 395ed68c790698f0fcb30081ad1f9ea0
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
        Size/MD5 checksum:    53184 9076795f592696f61c34c53ce29e1ebc
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
        Size/MD5 checksum: 12835828 4d1137bbec37f67601f2a7eae99857b9
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
        Size/MD5 checksum: 52154562 fc8a7b1ff7d7f9cae755629cd19dab80
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
        Size/MD5 checksum:   197916 f7832e2b34d9142799b992794753aac4
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
        Size/MD5 checksum: 50636782 35d513348d5dda2d7f4c682a7f3f639f
      http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
        Size/MD5 checksum:   190740 0b9a1afa87b0bb0e0bc3fa48d9e3e0bb
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
        Size/MD5 checksum:  3671694 d890eeed08ecb1f0eeeff46f09bdeea3
      http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
        Size/MD5 checksum: 11116804 ddb8b828546498479a3fddd718a0633c
      http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
        Size/MD5 checksum:    58654 35ee94e3ae7339f642ffce1fa42a7c29
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
        Size/MD5 checksum:    48644 147aa5f5592ba08bc7f2ec42453a6104
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.