Seamonkey 2.19 has been released with multiple security updates.
CC: (none) => cjwAssignee: bugsquad => cjwSummary: multiple security updates in IceApe 2.19 => iceape multiple security issues fixed in IceApe 2.19
OpenSuSE has issued an advisory for this today (July 11): http://lists.opensuse.org/opensuse-updates/2013-07/msg00041.html
ping
CC: (none) => wrw105
Fixed in Cauldron in iceape-2.19-1.mga4.
Whiteboard: (none) => MGA2TOO
Summary: iceape multiple security issues fixed in IceApe 2.19 => iceape multiple security issues fixed in IceApe 2.20 from SeaMonkey 2.20
I just noticed this morning that SeaMonkey 2.20 has been released. The summary is updated accordingly.
Version: 3 => CauldronWhiteboard: MGA2TOO => MGA3TOO, MGA2TOO
Fixed in Cauldron in iceape-2.20-1.mga4.
Version: Cauldron => 3Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
The newest upstream is now 2.21. We really should consider dropping this package if we can't support it with updates any longer.
CC: (none) => sysadmin-bugsVersion: 3 => CauldronSummary: iceape multiple security issues fixed in IceApe 2.20 from SeaMonkey 2.20 => iceape multiple security issues fixed in IceApe 2.21 from SeaMonkey 2.21Whiteboard: MGA2TOO => MGA3TOO, MGA2TOO
Yes, I agree.. Yet another unsecure browser we are dragging along.. :/
CC: (none) => mageia
CC: (none) => eeeemail
Upstream is now up to version 2.22. The updated nspr and nss packages that it requires are now officially in QA with the Firefox 24.1.0 update in Bug 11370.
Depends on: (none) => 11370Summary: iceape multiple security issues fixed in IceApe 2.21 from SeaMonkey 2.21 => iceape multiple security issues fixed in IceApe 2.22 from SeaMonkey 2.22
iceape-2.22-1.mga4 uploaded for Cauldron. Christiaan, feel free to backport to Mageia 2 and Mageia 3, now that Cauldron has been updated, and we've pushed the nspr and nss updates for Mageia 2 and 3.
Updated packages are ready for testing: Source RPM: iceape-2.22-1.mga3.src.rpm Binary RPMs: iceape-2.22-1.mga3.i586.rpm iceape-2.22-1.mga3.x86_64.rpm Proposed advisory: Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1682) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1683) Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. (CVE-2013-1684) Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. (CVE-2013-1685) Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2013-1686) The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. (CVE-2013-1687) Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. (CVE-2013-1690) Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. (CVE-2013-1692) The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. (CVE-2013-1693) The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. (CVE-2013-1694) Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. (CVE-2013-1695) Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. (CVE-2013-1696) The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. (CVE-2013-1697) The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters. (CVE-2013-1699) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1701) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1702) Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. (CVE-2013-1704) Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. (CVE-2013-1705) Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line. (CVE-2013-1706) Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. (CVE-2013-1707) Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. (CVE-2013-1708) Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. (CVE-2013-1709) The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. (CVE-2013-1710) The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. (CVE-2013-1711) Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. (CVE-2013-1713) The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. (CVE-2013-1714) Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. (CVE-2013-1717) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1718) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-1719) The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. (CVE-2013-1720) Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. (CVE-2013-1721) Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. (CVE-2013-1722) The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. (CVE-2013-1723) Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. (CVE-2013-1724) Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. (CVE-2013-1725) The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. (CVE-2013-1728) Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. (CVE-2013-1730) Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. (CVE-2013-1732) Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. (CVE-2013-1735) The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. (CVE-2013-1736) Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. (CVE-2013-1737) Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. (CVE-2013-1738) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-5592) Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-5591) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-5590) The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. (CVE-2013-5593) The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. (CVE-2013-5604) The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. (CVE-2013-5595) The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. (CVE-2013-5596) Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. (CVE-2013-5597) Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event. (CVE-2013-5599) Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. (CVE-2013-5600) Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. (CVE-2013-5601) The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. (CVE-2013-5602) Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. (CVE-2013-5603) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1683 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1696 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1713 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1714 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1717 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5591 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5592 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5596 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604 http://www.mozilla.org/security/announce/2013/mfsa2013-49.html http://www.mozilla.org/security/announce/2013/mfsa2013-50.html http://www.mozilla.org/security/announce/2013/mfsa2013-51.html http://www.mozilla.org/security/announce/2013/mfsa2013-53.html http://www.mozilla.org/security/announce/2013/mfsa2013-54.html http://www.mozilla.org/security/announce/2013/mfsa2013-55.html http://www.mozilla.org/security/announce/2013/mfsa2013-56.html http://www.mozilla.org/security/announce/2013/mfsa2013-57.html http://www.mozilla.org/security/announce/2013/mfsa2013-58.html http://www.mozilla.org/security/announce/2013/mfsa2013-59.html http://www.mozilla.org/security/announce/2013/mfsa2013-61.html http://www.mozilla.org/security/announce/2013/mfsa2013-63.html http://www.mozilla.org/security/announce/2013/mfsa2013-64.html http://www.mozilla.org/security/announce/2013/mfsa2013-65.html http://www.mozilla.org/security/announce/2013/mfsa2013-66.html http://www.mozilla.org/security/announce/2013/mfsa2013-67.html http://www.mozilla.org/security/announce/2013/mfsa2013-68.html http://www.mozilla.org/security/announce/2013/mfsa2013-69.html http://www.mozilla.org/security/announce/2013/mfsa2013-70.html http://www.mozilla.org/security/announce/2013/mfsa2013-72.html http://www.mozilla.org/security/announce/2013/mfsa2013-73.html http://www.mozilla.org/security/announce/2013/mfsa2013-75.html http://www.mozilla.org/security/announce/2013/mfsa2013-76.html http://www.mozilla.org/security/announce/2013/mfsa2013-77.html http://www.mozilla.org/security/announce/2013/mfsa2013-78.html http://www.mozilla.org/security/announce/2013/mfsa2013-79.html http://www.mozilla.org/security/announce/2013/mfsa2013-80.html http://www.mozilla.org/security/announce/2013/mfsa2013-81.html http://www.mozilla.org/security/announce/2013/mfsa2013-82.html http://www.mozilla.org/security/announce/2013/mfsa2013-85.html http://www.mozilla.org/security/announce/2013/mfsa2013-88.html http://www.mozilla.org/security/announce/2013/mfsa2013-89.html http://www.mozilla.org/security/announce/2013/mfsa2013-90.html http://www.mozilla.org/security/announce/2013/mfsa2013-91.html http://www.mozilla.org/security/announce/2013/mfsa2013-92.html http://www.mozilla.org/security/announce/2013/mfsa2013-93.html http://www.mozilla.org/security/announce/2013/mfsa2013-94.html http://www.mozilla.org/security/announce/2013/mfsa2013-95.html http://www.mozilla.org/security/announce/2013/mfsa2013-96.html http://www.mozilla.org/security/announce/2013/mfsa2013-97.html http://www.mozilla.org/security/announce/2013/mfsa2013-98.html http://www.mozilla.org/security/announce/2013/mfsa2013-100.html http://www.mozilla.org/security/announce/2013/mfsa2013-101.html http://www.mozilla.org/security/announce/2013/mfsa2013-102.html
Status: NEW => ASSIGNEDAssignee: cjw => qa-bugs
Assigning back to Christiaan. The update for Mageia 2 is missing.
CC: cjw => qa-bugsAssignee: qa-bugs => cjw
CC: eeeemail => (none)
The Mageia 2 update is now available. Thanks Christiaan!
CC: (none) => cjwAssignee: cjw => qa-bugsSeverity: normal => critical
Tested mga3-64 Navigator: General browsing-OK YouTube flash-OK sunspider javascript-OK Javatester java-OK Messenger: Send/receive SMTP/IMAP-OK Lightning use-OK Move/delete IMAP-OK Chatzilla Connected to freenode and dropped in on #mageia-qa. OK
Whiteboard: MGA2TOO => MGA2TOO mga3-64-ok
Tested mga3-32 as in comment 13. All OK.
Whiteboard: MGA2TOO mga3-64-ok => MGA2TOO mga3-64-ok mga3-32-ok
Advisory uploaded. SRPM for mga2 packages is iceape-2.22-1.mga2 procedure in comment 13
Whiteboard: MGA2TOO mga3-64-ok mga3-32-ok => MGA2TOO advisory has_procedure mga3-64-ok mga3-32-ok
Binary RPMs: iceape-2.22-1.mga2.i586.rpm iceape-2.22-1.mga2.x86_64.rpm
Mga2-32 tested as in comment 13. OK. As I don't have a mga2-64 setup, I'll leave that one to someone else.
Whiteboard: MGA2TOO advisory has_procedure mga3-64-ok mga3-32-ok => MGA2TOO advisory has_procedure mga3-64-ok mga3-32-ok mga2-32-ok
Testing complete mga2 64 Validating. Could sysadmin please push from 2&3 core/updates_testing to updates Thanks!
Keywords: (none) => validated_updateWhiteboard: MGA2TOO advisory has_procedure mga3-64-ok mga3-32-ok mga2-32-ok => MGA2TOO advisory has_procedure mga3-64-ok mga3-32-ok mga2-32-ok mga2-64-ok
2.22.1 has been released upstream, fixing a couple of minor issues: http://www.seamonkey-project.org/releases/seamonkey2.22/changes Christiaan, would you like to update to 2.22.1? Especially since this is the last week of support for Mageia 2, it might be nice to have those fixes in the final update.
CC: (none) => luigiwalser
I'd rather say no: it's too late already in my opinion. QA won't have time to validate a new iceape update and would have validated this one in a hurry for nothing. Let's keep the minor issues, if they are minor.
CC: (none) => stormi
I don't believe that testing this took an extraordinarily long time. If we can provide the additional fixes (note that this update hasn't been pushed yet), it would be nice.
Well, nothing prevents from trying, but since it will be a bugfix update it will be treated after all the security updates that are being handled at the moment :)
As long as it hasn't been pushed yet, it's still a security update.
Let's push this one please, we have more than enough other updates.
If we replace 2.22 with 2.22.1 and start testing over, there are chances that no update is pushed at all before Friday. That's risky :)
I can guarantee it ;)
Thanks for making the decision for Christiaan. I guess I don't need to waste my time trying to help ensure we provide the highest quality updates for our users.
We have more than enough to do before Friday without adding to it, sorry.
@David: it's only 1 bugfix, spell checking getting disabled in mail+news in some circumstances. Certainly not nice but not a real showstopper either so pushing 2.22 is OK with me. And I agree if friday is a deadline iceape 2.22.1 is not going to make it.
Update pushed: http://advisories.mageia.org/MGASA-2013-0329.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED