Summary: | Stabilise =www-client/seamonkey-1.1.18 and =www-client/seamonkey-bin-1.1.18 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-09-28 02:21:17 UTC
x86 stable ppc64 done Stable for HPPA. alpha/arm/ia64/sparc stable amd64 stable Marked ppc stable. Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore. 1.1.18 fixed the vulnerabilities listed at https://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.18, namely: MFSA 2009-43, CVE-2009-2404 Heap overflow in certificate regexp parsing MFSA 2009-42, CVE-2009-2408 Compromise of SSL-protected communication ...and it looks like 1.1.18 was stable: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/seamonkey/seamonkey-1.1.18.ebuild?hideattic=0&revision=1.10&view=markup So rating this B2 and adding to the Mozilla GLSA request. This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |