Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 767400 - <www-client/seamonkey-2.53.6: multiple vulnerabilities
Summary: <www-client/seamonkey-2.53.6: multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-27 05:09 UTC by John Helmert III
Modified: 2021-11-20 15:19 UTC (History)
1 user (show)

See Also:
Package list:
www-client/seamonkey-2.53.6
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-01-27 05:09:51 UTC
From the SeaMonkey 2.53.6 changelog:

SeaMonkey 2.53.6 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes.

SeaMonkey 2.53.6 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release.

Additional important security fixes up to Current Firefox 78.6 ESR and a few enhancements have been backported.


And it links to these pages as references for the vulnerabilities:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/


Firefox 60.8 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
Firefox 78.6 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/
Thunderbird 60.0 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/

A bit messy to track all the vulnerabilities, but of course these all report memory safety bugs that are presumed to be able to remotely execute code.
Comment 1 Larry the Git Cow gentoo-dev 2021-01-27 07:35:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9475b6f680eb9b45bb63d660d1f2b2695b4c73d8

commit 9475b6f680eb9b45bb63d660d1f2b2695b4c73d8
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-01-27 07:34:51 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-01-27 07:35:00 +0000

    www-client/seamonkey: Security cleanup
    
    Bug: https://bugs.gentoo.org/767400
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/Manifest                  |   4 -
 www-client/seamonkey/metadata.xml              |   1 -
 www-client/seamonkey/seamonkey-2.53.5.1.ebuild | 541 -------------------------
 3 files changed, 546 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=462fdc938bab022078cbb44068327312689cbb01

commit 462fdc938bab022078cbb44068327312689cbb01
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-01-27 07:33:31 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-01-27 07:35:00 +0000

    www-client/seamonkey: Version 2.53.6 stable for amd64 and x86
    
    Bug: https://bugs.gentoo.org/767400
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 www-client/seamonkey/seamonkey-2.53.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 NATTkA bot gentoo-dev 2021-04-21 12:44:28 UTC
Unable to check for sanity:

> no match for package: www-client/seamonkey-2.53.6