Bug 767400

Summary:	<www-client/seamonkey-2.53.6: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	ajak, gentoo-bugs, mozilla
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B2 [glsa+]
Package list:	www-client/seamonkey-2.53.6	Runtime testing required:	---

Description John Helmert III archtester

2021-01-27 05:09:51 UTC

From the SeaMonkey 2.53.6 changelog:

SeaMonkey 2.53.6 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes.

SeaMonkey 2.53.6 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release.

Additional important security fixes up to Current Firefox 78.6 ESR and a few enhancements have been backported.


And it links to these pages as references for the vulnerabilities:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/


Firefox 60.8 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
Firefox 78.6 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/
Thunderbird 60.0 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/

A bit messy to track all the vulnerabilities, but of course these all report memory safety bugs that are presumed to be able to remotely execute code.

Comment 1 Larry the Git Cow gentoo-dev

2021-01-27 07:35:03 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9475b6f680eb9b45bb63d660d1f2b2695b4c73d8

commit 9475b6f680eb9b45bb63d660d1f2b2695b4c73d8
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-01-27 07:34:51 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-01-27 07:35:00 +0000

    www-client/seamonkey: Security cleanup
    
    Bug: https://bugs.gentoo.org/767400
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                  |   4 -
 www-client/seamonkey/metadata.xml              |   1 -
 www-client/seamonkey/seamonkey-2.53.5.1.ebuild | 541 -------------------------
 3 files changed, 546 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=462fdc938bab022078cbb44068327312689cbb01

commit 462fdc938bab022078cbb44068327312689cbb01
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-01-27 07:33:31 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-01-27 07:35:00 +0000

    www-client/seamonkey: Version 2.53.6 stable for amd64 and x86
    
    Bug: https://bugs.gentoo.org/767400
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/seamonkey-2.53.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 2 NATTkA bot gentoo-dev

2021-04-21 12:44:28 UTC

Unable to check for sanity:

> no match for package: www-client/seamonkey-2.53.6

Comment 3 Larry the Git Cow gentoo-dev

2024-02-19 06:11:01 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c90f240e95679005dbd82c35fe74df524c4217dc

commit c90f240e95679005dbd82c35fe74df524c4217dc
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 05:58:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-24 ] Seamonkey: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/767400
    Bug: https://bugs.gentoo.org/828479
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-24.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)