Bug#535124: marked as done (2.0.22 fixes several security issues)

[Debian Bug Tracking System]

Your message dated Wed, 01 Jul 2009 13:02:24 +0000
with message-id <e1mlzsc-0002zi...@ries.debian.org>
and subject line Bug#535124: fixed in icedove 2.0.0.22-1
has caused the Debian Bug report #535124,
regarding 2.0.22 fixes several security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535124
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: icedove
Severity: grave
Tags: security

Hi,
according to 

http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.22

2.0.20, 2.0.21 and 2.0.22 fix several security issues in thunderbird.
Lenny ships 2.0.19 so it looks vulnerable.
Cheers,
 -- Guido

--- End Message ---

--- Begin Message ---

Source: icedove
Source-Version: 2.0.0.22-1

We believe that the bug you reported is fixed in the latest version of
icedove, which is due to be installed in the Debian FTP archive:

icedove-dbg_2.0.0.22-1_amd64.deb
  to pool/main/i/icedove/icedove-dbg_2.0.0.22-1_amd64.deb
icedove-dev_2.0.0.22-1_amd64.deb
  to pool/main/i/icedove/icedove-dev_2.0.0.22-1_amd64.deb
icedove-gnome-support_2.0.0.22-1_amd64.deb
  to pool/main/i/icedove/icedove-gnome-support_2.0.0.22-1_amd64.deb
icedove_2.0.0.22-1.diff.gz
  to pool/main/i/icedove/icedove_2.0.0.22-1.diff.gz
icedove_2.0.0.22-1.dsc
  to pool/main/i/icedove/icedove_2.0.0.22-1.dsc
icedove_2.0.0.22-1_amd64.deb
  to pool/main/i/icedove/icedove_2.0.0.22-1_amd64.deb
icedove_2.0.0.22.orig.tar.gz
  to pool/main/i/icedove/icedove_2.0.0.22.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <a...@debian.org> (supplier of updated icedove package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 01 Jul 2009 12:18:03 +0200
Source: icedove
Binary: icedove icedove-gnome-support icedove-dbg icedove-dev
Architecture: source amd64
Version: 2.0.0.22-1
Distribution: unstable
Urgency: low
Maintainer: Ubuntu Mozilla Team <ubuntu-mozillat...@lists.ubuntu.com>
Changed-By: Alexander Sack <a...@debian.org>
Description: 
 icedove    - free/unbranded thunderbird mail/news/rss clone
 icedove-dbg - Debug Symbols for Icedove
 icedove-dev - Development files for Icedove
 icedove-gnome-support - Support for Gnome in Icedove
Closes: 535124
Changes: 
 icedove (2.0.0.22-1) unstable; urgency=low
 .
   * New upstream security/stability update (v2.0.0.21/v2.0.0.22) (Closes: 
535124)
     * MFSA 2009-33: Crash viewing multipart/alternative message with 
text/enhanced part
     * MFSA 2009-32 aka CVE-2009-1841: JavaScript chrome privilege escalation
     * MFSA 2009-29 aka CVE-2009-1838: Arbitrary code execution using event 
listeners
       attached to an element whose owner document is null
     * MFSA 2009-27 aka CVE-2009-1836: SSL tampering via non-200 responses to 
proxy
       CONNECT requests
     * MFSA 2009-24 aka CVE-2009-1832+CVE-2009-1831: Crashes with evidence of 
memory
       corruption (rv:1.9.0.11)
     * MFSA 2009-17 aka CVE-2009-1307: Same-origin violations when Adobe Flash 
loaded
       via view-source: scheme
     * MFSA 2009-14 aka CVE-2009-1303+CVE-2009-1302: Crashes with evidence of 
memory
       corruption (rv:1.9.0.9)
     * MFSA 2009-15 aka CVE-2009-0652: URL spoofing with box drawing character
     * MFSA 2009-10 aka CVE-2009-0040: Upgrade PNG library to fix memory safety 
hazards
     * MFSA 2009-09 aka CVE-2009-0776: XML data theft via RDFXMLDataSource and 
cross-domain
       redirect
     * MFSA 2009-07 aka CVE-2009-0771,-0772,-0773,-0774: Crashes with evidence 
of memory
       corruption (rv:1.9.0.7)
     * MFSA 2009-01 aka CVE-2009-0352,CVE-2009-0353 Crashes with evidence of 
memory
       corruption (rv:1.9.0.6)
   * adjust patches to changed codebase
     - update debian/patches/ubuntu-mail-app-xre-name
Checksums-Sha1: 
 398da416eacbf016c236537c68b70fe7760836c7 2340 icedove_2.0.0.22-1.dsc
 69906157f63eb834f9448113935a54cdd7c57b5a 36965969 icedove_2.0.0.22.orig.tar.gz
 01929d25780e89ff7be061780139c4e65a5086da 119647 icedove_2.0.0.22-1.diff.gz
 3c369a22c26902aef61966ee11165784e50193ba 12322482 icedove_2.0.0.22-1_amd64.deb
 22e4f0f550be6bdeeedd7bfe7ed7b7b0371c1586 58586 
icedove-gnome-support_2.0.0.22-1_amd64.deb
 2043893fc1e3aafb8e7f48da3abc6549bb01df55 57821440 
icedove-dbg_2.0.0.22-1_amd64.deb
 61ac3071f4a3ec9b963c47701e05362e72e8f5c8 3918212 
icedove-dev_2.0.0.22-1_amd64.deb
Checksums-Sha256: 
 0bc9971e58a439c63bea62bf1a3a51ae58f6ef83d50500a030ef36559f683d0c 2340 
icedove_2.0.0.22-1.dsc
 a7807bee77140c93ef335c726609eebb4f35eaec0fc316e309e959dfecf11fa1 36965969 
icedove_2.0.0.22.orig.tar.gz
 6534ec6afad82c254951542818157a9ddb0ec6bbec4cc4f772f21106d24b38ee 119647 
icedove_2.0.0.22-1.diff.gz
 d3cf7639c660655add32b0f120a1c5bf9724730eb7e19bb4a4b7abca1f81c222 12322482 
icedove_2.0.0.22-1_amd64.deb
 c265a06a449b3126f1c05a75a5d2f16acff1a5f2a6de71774a29d6d76a91f0d0 58586 
icedove-gnome-support_2.0.0.22-1_amd64.deb
 67506d771998b1872803bc4c76376b68918aacacfd27246f6d9052080bed936e 57821440 
icedove-dbg_2.0.0.22-1_amd64.deb
 a234e0af1c812ff7d896479956c76a5a27d8df91beb9cf2f1ebd3f2a19bee07f 3918212 
icedove-dev_2.0.0.22-1_amd64.deb
Files: 
 cc10cb12e7c174d4c8a5c87698fcc78d 2340 mail optional icedove_2.0.0.22-1.dsc
 8e0ffafaece0680a42c0cb11ff34c64a 36965969 mail optional 
icedove_2.0.0.22.orig.tar.gz
 d37562ffa218b4cf1730a27fddd9857d 119647 mail optional 
icedove_2.0.0.22-1.diff.gz
 b36503cfc9345d9fea402c8b6f21e7df 12322482 mail optional 
icedove_2.0.0.22-1_amd64.deb
 69d09de772a749cf287f43b38a4762a0 58586 mail optional 
icedove-gnome-support_2.0.0.22-1_amd64.deb
 443811e9f4a8a010773660dccaf8bf9a 57821440 mail optional 
icedove-dbg_2.0.0.22-1_amd64.deb
 2db8c1314bf950d4cb347b4a28f775d3 3918212 mail optional 
icedove-dev_2.0.0.22-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBAgAGBQJKS1XdAAoJEKBE/gcUDGZkSrQP+gKpjWHUpJylsqKEeI89TaoA
mkJqHhL6J74A8dzfrKBbewAlaUdHLfxo5LzHrMytP+ef7+68evtLROKjZFi2cwLT
Tj+d4jU5OnqYO5bsi3DkfXJ8PkE/tLujgBsuB0TOyrzV1DO+Sn1rccR2AQQoCYBy
76VtmFa4SGEgMylzZPvDFTN/a1y0iFncLWBMq3bdmvXaj72eaASdeg2yKT2VMWet
hl8SagLSHcUDJNMWFUqXyNE69uxxmce4WcnaGGNv5mJwbw2GwD4WNUYisZXYJzt/
4Vl7KFE9dGmzFLlNouR8BOSgJgDI/QQYSSplxnT2je6HAZ+75Mm5wKLviXoSYQbc
upXKkQ5/12Nka9+1cdG0s7Vyvv6wadTmzU9fzip8BI26HHRS1SSH6+OvB7Ul24gh
3s/GNtPEqOQ/Q4gSv4FH5O9wE0maCcdlAD0/CU75CCD5LoBq+a2Pje5oByPsP/Fi
D/553YmY6hUXe3vgRE8VKCR9QPSwVI8yo/ywmJMOpYPrz37z2TpmqIauuSd5aPPl
1OupF0ePsUVFvJtE8cFW95tBfRGQb+SFAB89bkmOrSfeNBOajK92qAg4bKj+T/f+
PJUJZhMrUxc4H1wGPOtoSPSnDFOQZY4xjUiUImIpJELhfHhqoAOVZ9c5ajZrIpvK
3y0nWAoxJxtcUlLgF7UD
=e51i
-----END PGP SIGNATURE-----

--- End Message ---