-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Christoph Göhre uploaded new packages for icedove which fixed the following security problems:
CVE-2011-0083 Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. CVE-2011-0085 Use-after-free vulnerability in the nsXULCommandDispatcher function allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. CVE-2011-2362 Icedove do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. CVE-2011-2363 Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2376 Unspecified vulnerability allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code. CVE-2011-2371 Integer overflow in the Array.reduceRight method allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. CVE-2011-2373 Use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted XUL document. CVE-2011-2377 Allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. For the squeeze-backports distribution, this problem have been fixed in version 3.1.11-1~bpo60+1. For the testing distribution (wheezy), this problem has been fixed in version 3.1.11-1. For the unstable distribution (sid), this problem has been fixed in version 3.1.11-1. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJODgMFAAoJECbjyHWnRCDvy48P/1Q3S7rjbeoTVB7efk6xV3/r /UVtFMe7JDOUnJRMHY3ldWB299nYE8T0jhBvGMP8CN9DzwBzFKrGQ+0dY6nFni2L osqwZ+pA3Si8DasXgS2plJ2GkoaM92W0jonIdc6qtPRK10LgAqhk0g41aIBTBYTL GG1HC8qlcLDNy/2CEdHDbdvhET+enkQ+EcL9aQLZS1aDYSgkIBFdICB0goP5wlUm zojiV9G7eOcDK07+Sr1ppOrhZDrYv7tRo97nmafZCc/5HkqWLmOGufeEOrNFDcpB 9d79GZ6zrs/DfO70HJXY9kWCbBJVrNeKHdDzKmBbsjxiSli9qORkClc3ge4Ki192 T4AaeCkJ7UETf2hgmtY5aD/ynUh9qlLVRRiG0z4lBZyylRii41+2UxC6kGPjpPma b17CJ5Dh3fQIO8IJEjAPvbOubfyiCA2vX2JKWz9QAeWAU0p1l3ZJlBouLUNvpkWX erqELKasUiGlqGiHTHWUt/xBIwuRL7zxMdo31M+Tw+yrpS3q2ItcDKfwQkz6exVC zaaoSECEIu2yWCY8VyZ3Jtlu3IZZNhqoDW7YVPN/F99cmgHQxpO0gDOErq7iSDBu lfzd8xmJCsSqNHY4dmju2IFvnuRDr/4tQDDCGwSYr3U9u+HHJqmKQuo+Wabam33H 6Iob0Iv/7MxUhNtYJ85b =Gaca -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
