Summary: | mail-client/mozilla-thunderbird (-bin) < 2.0.0.9 Memory management vulnerabilities (CVE-2007-{5339,5340}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mozilla |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/27313/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 199299 |
Description
Robert Buchholz (RETIRED)
2007-10-20 02:22:10 UTC
Mozilla, please advise. Should we bump the package ourselves? The patches are available without a lot of hassle. In general we should bump packages if maintainers don't respond in a timely manner. Though we should try to poke them on IRC at least beforehand. (In reply to comment #3) > In general we should bump packages if maintainers don't respond in a timely > manner. Though we should try to poke them on IRC at least beforehand. Seems I wasn't clear enough. I meant we (Gentoo's mozilla herd) should bump it since Mozilla upstream did not release yet. Oh, I'm confusing roles here. I won't stand in the way of the herd bumping it's package:) Where are the patches? (In reply to comment #6) > Where are the patches? Debian ships some for 1.5 which are pretty much undocumented because of the embargo. Ubuntu released a "pre" snapshot. In light of the other regressions you mentioned we should probably wait for upstream. In CVS To be done: mail-client/mozilla-thunderbird-2.0.0.9 x11-plugins/enigmail-0.95.3-r1 mail-client/mozilla-thunderbird-bin-2.0.0.9 Arches, please test and mark stable mail-client/mozilla-thunderbird-2.0.0.9. Target keywords : "alpha amd64 ia64 mips ppc ppc64 sparc x86" x11-plugins/enigmail-0.95.5-r1. Target keywords : "alpha amd64 ia64 mips ppc ppc64 sparc x86" mail-client/mozilla-thunderbird-bin-2.0.0.9: Target keywords : "amd64 x86" compiled and seems to work fine (still testing): genlop -t mozilla-thunderbird * mail-client/mozilla-thunderbird Thu Nov 15 21:17:42 2007 >>> mail-client/mozilla-thunderbird-2.0.0.9 merge time: 18 minutes and 44 seconds. Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.2.2, glibc-2.7-r0, 2.6.23-kamikaze5-amd64 x86_64) ================================================================= System uname: 2.6.23-kamikaze5-amd64 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz Timestamp of tree: Thu, 15 Nov 2007 19:30:01 +0000 app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.1.2-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 2.0.0_rc6 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3, 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.22-r2 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" x86 stable amd64 stable alpha/ia64/sparc stable i said enigmail-0.95.3-r1, but .5 is fine as well :) ppc64 stable ppc stable GLSA 200711-24 |