Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 718746

Summary: <www-client/seamonkey-2.53.2: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mozilla, polynomial-c
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=715030
https://bugs.gentoo.org/show_bug.cgi?id=718738
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-21 14:13:01 UTC
Turns out there was no(?) release between 2.49.5 and 2.53.1.

There have been numerous security fixes since 2.49 (oldest in tree) and 2.53.1 (latest in tree).

"Additional important security fixes up to Current Firefox 73 and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53 beta and release versions as fast as we are able to."

It is not entirely clear what SeaMonkey was vulnerable to, but let's just bump it and cleanup to be sure.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-29 11:08:25 UTC
@maintainer(s), please cleanup when ready
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-29 11:09:26 UTC
(In reply to Sam James (sec padawan) from comment #1)
> @maintainer(s), please cleanup when ready

This is already done...
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-29 11:52:32 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself. I figure we will wait a little bit because it's a beta.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-29 11:54:11 UTC
https://www.seamonkey-project.org/releases/seamonkey2.53.2/

"Additional important security fixes up to Current Firefox 73 and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53 beta and release versions as fast as we are able to."
Comment 5 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-04-29 11:54:11 UTC
(In reply to Sam James (sec padawan) from comment #3)
> @maintainer(s), please advise if ready for stabilisation, or call yourself.
> I figure we will wait a little bit because it's a beta.

No stabilization of a beta release. I was even reluctant to keyword this release at all...
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-29 21:46:59 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #5)
> (In reply to Sam James (sec padawan) from comment #3)
> > @maintainer(s), please advise if ready for stabilisation, or call yourself.
> > I figure we will wait a little bit because it's a beta.
> 
> No stabilization of a beta release. I was even reluctant to keyword this
> release at all...

No problem. We get people who decide they are happy with release candidates, git snapshots, etc, so I ask.
Comment 7 Larry the Git Cow gentoo-dev 2020-05-05 13:45:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=557d69fa95a593dd220ba2579f7194d4dcd9cc12

commit 557d69fa95a593dd220ba2579f7194d4dcd9cc12
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-05-05 13:43:26 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-05-05 13:45:50 +0000

    www-client/seamonkey: Security bump to version 2.53.2. Removed old
    
    Bug: https://bugs.gentoo.org/718746
    Closes: https://bugs.gentoo.org/720332
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                                       | 6 +++---
 .../{seamonkey-2.53.2_beta1.ebuild => seamonkey-2.53.2.ebuild}      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-05 13:48:45 UTC
Thanks! :)
Comment 9 Agostino Sarubbo gentoo-dev 2020-05-08 06:39:36 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-05-11 16:49:48 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Larry the Git Cow gentoo-dev 2020-05-11 17:09:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8f41293d57e34e0bbb65f7ad5b88c7542448070

commit a8f41293d57e34e0bbb65f7ad5b88c7542448070
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-05-11 17:09:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-05-11 17:09:03 +0000

    www-client/seamonkey: Security cleanup
    
    Bug: https://bugs.gentoo.org/718746
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                   |   3 -
 www-client/seamonkey/seamonkey-2.53.1-r1.ebuild | 534 ------------------------
 2 files changed, 537 deletions(-)
Comment 12 NATTkA bot gentoo-dev 2020-10-24 14:01:00 UTC
Unable to check for sanity:

> no match for package: =www-client/seamonkey-2.53.2
Comment 13 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-10-24 14:30:02 UTC
commit 6639fb603aece414fcc25d9ee7c70bcff0450740
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Oct 24 15:43:10 2020

    www-client/seamonkey: Removed old
    
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                |   3 -
 www-client/seamonkey/seamonkey-2.53.2.ebuild | 527 ---------------------------
 2 files changed, 530 deletions(-)
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2020-12-07 00:36:57 UTC
This issue was resolved and addressed in
 GLSA 202012-02 at https://security.gentoo.org/glsa/202012-02
by GLSA coordinator Thomas Deutschmann (whissi).