Iceape's upstream released seamonkey 2.48 which fixes several security issues, see https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/ and probably also https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/
Whiteboard: (none) => MGA5TOO
Packages are available for testing: MGA5 SRPM: iceape-2.48-1.mga5.src.rpm RPMS: iceape-2.48-1.mga5.i586.rpm iceape-2.48-1.mga5.x86_64.rpm MGA6 SRPM: iceape-2.48-1.mga6.src.rpm RPMS: iceape-2.48-1.mga6.i586.rpm iceape-2.48-1.mga6.x86_64.rpm iceape-2.48-1.mga6.armv7hl.rpm <armv5tl still building> Advisory: Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5287, CVE-2016-5288, CVE-2016-5289, CVE-2016-5290, CVE-2016-5292, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9075, CVE-2016-9077, CVE-2016-5291, CVE-2016-9063, CVE-2016-9070, CVE-2016-9071, CVE-2016-9073, CVE-2016-9076, CVE-2016-9078, CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904, CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393, CVE-2017-5396) References: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9896 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5381 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
CC: (none) => cjwAssignee: cjw => qa-bugs
Tested mga6-64 Browser: General browsing jetstream for javascript Acid3 for general use Javatester for plugins watched a video all OK Mail: Added lightning Imap/Smtp send/receive/move/delete all OK chatzilla connected to freenode all OK
CC: (none) => wrw105Whiteboard: MGA5TOO => MGA5TOO mga6-64-ok
Installed and tested without issues. System: Mageia 5, x86_64, Plasma, Intel CPU, nVidia GPU with proprietary driver nvidia340. For web browsing: - video, audio, webgl, acid3, java plugin, flash plugin; - rendering and behaviour of general sites; - install, remove and use add-ons (e.g. adblock plus); - enable language packs. For address book: - imported and export from/to a vcf file with lots of contacts; - created, edit and delete contacts. For email: - setup SMTP, IMAP and POP accounts; - view, send, receive, edit, and delete emails; - sign, encrypt and decrypt with enigmail. For composer: - Quick editing. $ uname -a Linux marte 4.4.82-desktop-1.mga5 #1 SMP Sun Aug 13 18:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q iceape iceape-2.48-1.mga5
Whiteboard: MGA5TOO mga6-64-ok => MGA5TOO mga6-64-ok MGA5-64-OKCC: (none) => mageia
Thank you both, Bill & PCLX, for the tests. Advisory uploaded; validating.
Whiteboard: MGA5TOO mga6-64-ok MGA5-64-OK => MGA5TOO mga6-64-ok MGA5-64-OK advisoryKeywords: (none) => validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0323.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED