Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 718746 - <www-client/seamonkey-2.53.2: Multiple vulnerabilities
Summary: <www-client/seamonkey-2.53.2: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-21 14:13 UTC by Sam James
Modified: 2020-07-26 05:50 UTC (History)
2 users (show)

See Also:
Package list:
=www-client/seamonkey-2.53.2
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James gentoo-dev Security 2020-04-21 14:13:01 UTC
Turns out there was no(?) release between 2.49.5 and 2.53.1.

There have been numerous security fixes since 2.49 (oldest in tree) and 2.53.1 (latest in tree).

"Additional important security fixes up to Current Firefox 73 and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53 beta and release versions as fast as we are able to."

It is not entirely clear what SeaMonkey was vulnerable to, but let's just bump it and cleanup to be sure.
Comment 1 Sam James gentoo-dev Security 2020-04-29 11:08:25 UTC
@maintainer(s), please cleanup when ready
Comment 2 Sam James gentoo-dev Security 2020-04-29 11:09:26 UTC
(In reply to Sam James (sec padawan) from comment #1)
> @maintainer(s), please cleanup when ready

This is already done...
Comment 3 Sam James gentoo-dev Security 2020-04-29 11:52:32 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself. I figure we will wait a little bit because it's a beta.
Comment 4 Sam James gentoo-dev Security 2020-04-29 11:54:11 UTC
https://www.seamonkey-project.org/releases/seamonkey2.53.2/

"Additional important security fixes up to Current Firefox 73 and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53 beta and release versions as fast as we are able to."
Comment 5 Lars Wendler (Polynomial-C) gentoo-dev 2020-04-29 11:54:11 UTC
(In reply to Sam James (sec padawan) from comment #3)
> @maintainer(s), please advise if ready for stabilisation, or call yourself.
> I figure we will wait a little bit because it's a beta.

No stabilization of a beta release. I was even reluctant to keyword this release at all...
Comment 6 Sam James gentoo-dev Security 2020-04-29 21:46:59 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #5)
> (In reply to Sam James (sec padawan) from comment #3)
> > @maintainer(s), please advise if ready for stabilisation, or call yourself.
> > I figure we will wait a little bit because it's a beta.
> 
> No stabilization of a beta release. I was even reluctant to keyword this
> release at all...

No problem. We get people who decide they are happy with release candidates, git snapshots, etc, so I ask.
Comment 7 Larry the Git Cow gentoo-dev 2020-05-05 13:45:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=557d69fa95a593dd220ba2579f7194d4dcd9cc12

commit 557d69fa95a593dd220ba2579f7194d4dcd9cc12
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-05-05 13:43:26 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-05-05 13:45:50 +0000

    www-client/seamonkey: Security bump to version 2.53.2. Removed old
    
    Bug: https://bugs.gentoo.org/718746
    Closes: https://bugs.gentoo.org/720332
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                                       | 6 +++---
 .../{seamonkey-2.53.2_beta1.ebuild => seamonkey-2.53.2.ebuild}      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 8 Sam James gentoo-dev Security 2020-05-05 13:48:45 UTC
Thanks! :)
Comment 9 Agostino Sarubbo gentoo-dev 2020-05-08 06:39:36 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-05-11 16:49:48 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Larry the Git Cow gentoo-dev 2020-05-11 17:09:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8f41293d57e34e0bbb65f7ad5b88c7542448070

commit a8f41293d57e34e0bbb65f7ad5b88c7542448070
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-05-11 17:09:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-05-11 17:09:03 +0000

    www-client/seamonkey: Security cleanup
    
    Bug: https://bugs.gentoo.org/718746
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                   |   3 -
 www-client/seamonkey/seamonkey-2.53.1-r1.ebuild | 534 ------------------------
 2 files changed, 537 deletions(-)