Turns out there was no(?) release between 2.49.5 and 2.53.1. There have been numerous security fixes since 2.49 (oldest in tree) and 2.53.1 (latest in tree). "Additional important security fixes up to Current Firefox 73 and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53 beta and release versions as fast as we are able to." It is not entirely clear what SeaMonkey was vulnerable to, but let's just bump it and cleanup to be sure.
@maintainer(s), please cleanup when ready
(In reply to Sam James (sec padawan) from comment #1) > @maintainer(s), please cleanup when ready This is already done...
@maintainer(s), please advise if ready for stabilisation, or call yourself. I figure we will wait a little bit because it's a beta.
https://www.seamonkey-project.org/releases/seamonkey2.53.2/ "Additional important security fixes up to Current Firefox 73 and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53 beta and release versions as fast as we are able to."
(In reply to Sam James (sec padawan) from comment #3) > @maintainer(s), please advise if ready for stabilisation, or call yourself. > I figure we will wait a little bit because it's a beta. No stabilization of a beta release. I was even reluctant to keyword this release at all...
(In reply to Lars Wendler (Polynomial-C) from comment #5) > (In reply to Sam James (sec padawan) from comment #3) > > @maintainer(s), please advise if ready for stabilisation, or call yourself. > > I figure we will wait a little bit because it's a beta. > > No stabilization of a beta release. I was even reluctant to keyword this > release at all... No problem. We get people who decide they are happy with release candidates, git snapshots, etc, so I ask.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=557d69fa95a593dd220ba2579f7194d4dcd9cc12 commit 557d69fa95a593dd220ba2579f7194d4dcd9cc12 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-05-05 13:43:26 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-05-05 13:45:50 +0000 www-client/seamonkey: Security bump to version 2.53.2. Removed old Bug: https://bugs.gentoo.org/718746 Closes: https://bugs.gentoo.org/720332 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> www-client/seamonkey/Manifest | 6 +++--- .../{seamonkey-2.53.2_beta1.ebuild => seamonkey-2.53.2.ebuild} | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
Thanks! :)
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8f41293d57e34e0bbb65f7ad5b88c7542448070 commit a8f41293d57e34e0bbb65f7ad5b88c7542448070 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-05-11 17:09:03 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-05-11 17:09:03 +0000 www-client/seamonkey: Security cleanup Bug: https://bugs.gentoo.org/718746 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> www-client/seamonkey/Manifest | 3 - www-client/seamonkey/seamonkey-2.53.1-r1.ebuild | 534 ------------------------ 2 files changed, 537 deletions(-)
Unable to check for sanity: > no match for package: =www-client/seamonkey-2.53.2
commit 6639fb603aece414fcc25d9ee7c70bcff0450740 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Sat Oct 24 15:43:10 2020 www-client/seamonkey: Removed old Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> www-client/seamonkey/Manifest | 3 - www-client/seamonkey/seamonkey-2.53.2.ebuild | 527 --------------------------- 2 files changed, 530 deletions(-)
This issue was resolved and addressed in GLSA 202012-02 at https://security.gentoo.org/glsa/202012-02 by GLSA coordinator Thomas Deutschmann (whissi).