Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 541506

Summary: <www-client/seamonkey-2.38{,-bin}: Multiple vulnerabilities (CVE-2015-{0819,0820,0821,0822,0823,0824,0825,0826,0827,0828,0829,0830,0831,0832,0833,0834,0835,0836})
Product: Gentoo Security Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ago, alexander, mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-27 08:47:28 UTC 
+++ This bug was initially created as a clone of Bug #541316 +++

Tracking seamonkey here

#
Ebuilds for firefox{,-bin}-{31.5,36} and thunderbird{,-bin}-31.5 are in the tree.

Stabilization can occur for firefox{,-bin}-31.5 and thunderbird{,-bin}-31.5 at any time.  I will CC arches properly once at a regular computer, if someone else doesn't do it beforehand.

Please note that seamonkey{,-bin} is also vulnerable but the fixed release hasn't been..uhm..released.
#

https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-03-11 12:05:24 UTC 
+*seamonkey-2.33 (11 Mar 2015)
+
+  11 Mar 2015; Lars Wendler <polynomial-c@gentoo.org>
+  -seamonkey-2.31-r1.ebuild, +seamonkey-2.33.ebuild:
+  Version bump. Removed old.
+

This relaese should address all mentioned issues.
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-09-08 11:10:02 UTC 
For the record, seamonkey{,-bin}.2.33.1 have already bee stablilized quite a while ago.
So all what is necessary here is to decide if we want to send out a GLSA.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 03:36:33 UTC 
So added to an existing GLSA, will send out with the next Mozilla products GLSA
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-01-03 13:02:18 UTC 
This issue was resolved and addressed in
 GLSA 201701-15 at https://security.gentoo.org/glsa/201701-15
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-04 15:36:50 UTC 
SeaMonkey was removed from the GLSA.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-01-13 15:00:51 UTC 
This issue was resolved and addressed in
 GLSA 201701-35 at https://security.gentoo.org/glsa/201701-35
by GLSA coordinator Aaron Bauman (b-man).