| Summary: | Iceape: Multiple security updates in seamonkey 2.49.3 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Bill Wilkinson <wrw105> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, cjw, davidwhodgins, marja11, sysadmin-bugs, tarazed25, tmb, wrw105 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | mga6-64-ok has_procedure mga6-32-ok | ||
| Source RPM: | CVE: | ||
| Status comment: | |||
|
Description
Bill Wilkinson
2018-05-30 17:09:50 CEST
Assigning to the registered maintainer, who is probably already working on it (he pushed iceape-2.49.3-1.mga7 to cauldron some hours ago). Component:
RPM Packages =>
Security updated packages are available for testing: SRPM: iceape-2.49.3-1.mga6.src.rpm RPMS: iceape-2.49.3-1.mga6.i586.rpm iceape-2.49.3-1.mga6.x86_64.rpm iceape-2.49.3-1.mga6.armv5tl.rpm iceape-2.49.3-1.mga6.armv7hl.rpm Advisory: Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2018-5089,CVE-2018-5091,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117,CVE-2018-5125,CVE-2018-5127,CVE-2018-5129,CVE-2018-5130,CVE-2018-5131,CVE-2018-5144,CVE-2018-5145,CVE-2018-5148,CVE-2018-5150,CVE-2018-5154,CVE-2018-5155,CVE-2018-5157,CVE-2018-5158,CVE-2018-5159,CVE-2018-5168,CVE-2018-5178,CVE-2018-5183,CVE-2018-6126) References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126 Assignee:
cjw =>
qa-bugs Tested mga6-64: Browser: general browsing, jetstream, acid3 (99%, same as Firefox, not surprisingly), youtube video, javatester for plugin, all OK email: Send/recieve/move/delete under SMTP/IMAP all OK. CC:
(none) =>
wrw105 tested mga6-32 as above under virtualbox. All OK Whiteboard:
MGA5TOO mga6-64-ok has_procedure =>
MGA5TOO mga6-64-ok has_procedure mga6-32-ok On the basis of Bill Wilkinson's tests, this update could be validated for MGA6. But, the packages for MGA5 are still needed before validation can take place. CC:
(none) =>
andrewsfarm Mageia 5, x86_64 Updated all repositories but MageiaUpdate could not find Iceape. Commandline search failed also. # urpmi --search-media Testing iceape No package named iceape The latest version for mga5 appears to be 2.49.1.3: # urpmq -i iceape | grep mga5 [...] Release : 1.mga5 Source RPM : iceape-2.46-1.mga5.src.rpm Release : 1.mga5 Source RPM : iceape-2.48-1.mga5.src.rpm Release : 3.mga5 Source RPM : iceape-2.49.1-3.mga5.src.rpm rpmfind agrees. Not pushed to updates testing yet? CC:
(none) =>
tarazed25 Re-assigning back to Christiaan. Please reassign back to qa when the mga5 update has been pushed, or remove the mga5too whiteboard tag. CC:
(none) =>
davidwhodgins Sorry, I did not notice the mga5 tag (obviously). Anyway, I now removed the MGA5TOO whiteboard tag since I can't get this package to build on the build system for i586 mga5. Whiteboard:
MGA5TOO mga6-64-ok has_procedure mga6-32-ok =>
mga6-64-ok has_procedure mga6-32-ok As the MGATOO tag has been removed, this update can now be validated for Mageia 6. Suggested advisory in Comment 2. Keywords:
(none) =>
validated_update
Thomas Backlund
2018-08-15 17:14:18 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0338.html Status:
NEW =>
RESOLVED |