718738 – www-client/seamonkey-bin: Multiple vulnerabilities

Bug 718738 - www-client/seamonkey-bin: Multiple vulnerabilities

Summary: www-client/seamonkey-bin: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+ glsa+ masked]
Keywords:	PMASKED

Depends on:
Blocks:

Reported:	2020-04-21 12:24 UTC by Sam James
Modified:	2020-12-07 00:36 UTC (History)
CC List:	1 user (show)

See Also:	718746
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-04-21 12:24:27 UTC

There have been numerous security fixes since 2.48 (last stable) and 2.49 (latest in tree).

See the following links for fixes contained in 2.53.1:
* https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox60.3
* https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird60


----
Please bump seamonkey-bin to the latest version (2.53.2).

I'm checking out any issues with seamonkey separately and will file in a separate bug (to be linked).

I understand Seamonkey is a small development team so I'm not looking to get it last rited or anything, just as up to date as we can get.

Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2020-04-21 12:27:25 UTC

Not my package...

Comment 2 Larry the Git Cow gentoo-dev

2020-04-26 22:26:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db96e8046ad9d2c8a7f153d3e90e7a0c8ffbe01d

commit db96e8046ad9d2c8a7f153d3e90e7a0c8ffbe01d
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-04-21 13:15:51 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-26 22:25:49 +0000

    package.mask: Last-rite www-client/seamonkey-bin
    
    Bug: https://bugs.gentoo.org/718738
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15456
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)

Comment 3 tt_1 2020-05-01 06:01:05 UTC

why not bumping it to 2.53?

Comment 4 Sam James archtester

2020-05-24 21:22:02 UTC

(In reply to tt_1 from comment #3)
> why not bumping it to 2.53?

Nobody wants to maintain it. Seamonkey is staying, just not the binary pkg.

Comment 5 Larry the Git Cow gentoo-dev

2020-05-31 10:30:26 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27c0d7e372a62dbe04da89e697ffaaccac76c65a

commit 27c0d7e372a62dbe04da89e697ffaaccac76c65a
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-05-31 10:25:49 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-05-31 10:29:48 +0000

    www-client/seamonkey-bin: Remove last-rited pkg
    
    Bug: https://bugs.gentoo.org/718738
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask                              |   6 -
 www-client/seamonkey-bin/Manifest                  |  40 ------
 www-client/seamonkey-bin/files/10seamonkey-bin     |   1 -
 .../files/all-gentoo-1-cve-2015-4000.js            |  13 --
 .../seamonkey-bin/files/icon/seamonkey-bin.desktop |  10 --
 www-client/seamonkey-bin/files/local-settings.js   |   2 -
 www-client/seamonkey-bin/metadata.xml              |   8 --
 www-client/seamonkey-bin/seamonkey-bin-2.48.ebuild | 140 -------------------
 .../seamonkey-bin/seamonkey-bin-2.49.1_rc2.ebuild  | 150 ---------------------
 9 files changed, 370 deletions(-)

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2020-12-07 00:36:54 UTC

This issue was resolved and addressed in
 GLSA 202012-02 at https://security.gentoo.org/glsa/202012-02
by GLSA coordinator Thomas Deutschmann (whissi).