Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 286721 - Stabilise =www-client/seamonkey-1.1.18 and =www-client/seamonkey-bin-1.1.18
Summary: Stabilise =www-client/seamonkey-1.1.18 and =www-client/seamonkey-bin-1.1.18
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-28 02:21 UTC by Robert Buchholz (RETIRED)
Modified: 2013-01-08 01:03 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-09-28 02:21:17 UTC 
Arches, please test and mark stable:
=www-client/seamonkey-1.1.18
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-bin-1.1.18
Target keywords : "amd64 x86"
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2009-09-28 14:52:15 UTC 
x86 stable
Comment 2 Brent Baude (RETIRED) gentoo-dev 2009-09-28 17:46:18 UTC 
ppc64 done
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2009-09-29 00:23:20 UTC 
Stable for HPPA.
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2009-09-29 17:19:06 UTC 
alpha/arm/ia64/sparc stable
Comment 5 Markus Meier gentoo-dev 2009-09-29 22:23:57 UTC 
amd64 stable
Comment 6 Joe Jezak (RETIRED) gentoo-dev 2009-10-03 16:10:29 UTC 
Marked ppc stable.
Comment 7 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:36:23 UTC 
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 04:46:52 UTC 
1.1.18 fixed the vulnerabilities listed at https://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.18, namely:

MFSA 2009-43, CVE-2009-2404 Heap overflow in certificate regexp parsing
MFSA 2009-42, CVE-2009-2408 Compromise of SSL-protected communication

...and it looks like 1.1.18 was stable:

http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/seamonkey/seamonkey-1.1.18.ebuild?hideattic=0&revision=1.10&view=markup

So rating this B2 and adding to the Mozilla GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:03:33 UTC 
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).