Iceape's upstream released seamonkey 2.49.1 which fixes several security issues. It is based on firefox's 52 branch so all Firefox 52ESR security fixes can be applied to this iceape version as well.
CC: (none) => cjwWhiteboard: (none) => MGA5TOOStatus: NEW => ASSIGNED
Updated packages are available for testing: MGA5 SRPM: iceape-2.49.1-2.mga5.src.rpm RPMS: iceape-2.49.1-2.mga5.i586.rpm iceape-2.49.1-2.mga5.x86_64 MGA6 SRPM: iceape-2.49.1-2.mga6.src.rpm RPMS: iceape-2.49.1-2.mga6.i586.rpm iceape-2.49.1-2.mga6.x86_64 iceape-2.49.1-2.mga6.armv5tl.rpm iceape-2.49.1-2.mga6.armv7hl.rpm Proposed advisory: Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.48 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-10196,CVE-2017-5398,CVE-2017-5399,CVE-2017-5400,CVE-2017-5401,CVE-2017-5402,CVE-2017-5403,CVE-2017-5404,CVE-2017-5405,CVE-2017-5406,CVE-2017-5407,CVE-2017-5409,CVE-2017-5410,CVE-2017-5411,CVE-2017-5408,CVE-2017-5412,CVE-2017-5413,CVE-2017-5414,CVE-2017-5415,CVE-2017-5416,CVE-2017-5417,CVE-2017-5425,CVE-2017-5426,CVE-2017-5427,CVE-2017-5418,CVE-2017-5419,CVE-2017-5420,CVE-2017-5421,CVE-2017-5422,CVE-2017-5429,CVE-2017-5430,CVE-2017-5432,CVE-2017-5433,CVE-2017-5434,CVE-2017-5435,CVE-2017-5436,CVE-2017-5438,CVE-2017-5439,CVE-2017-5440,CVE-2017-5441,CVE-2017-5442,CVE-2017-5443,CVE-2017-5444,CVE-2017-5445,CVE-2017-5446,CVE-2017-5447,CVE-2017-5448,CVE-2017-5449,CVE-2017-5451,CVE-2017-5454,CVE-2017-5455,CVE-2017-5456,CVE-2017-5459,CVE-2017-5460,CVE-2017-5461,CVE-2017-5462,CVE-2017-5464,CVE-2017-5465,CVE-2017-5466,CVE-2017-5467,CVE-2017-5469,CVE-2017-5470,CVE-2017-5472,CVE-2017-7749,CVE-2017-7750,CVE-2017-7751,CVE-2017-7752,CVE-2017-7753,CVE-2017-7754,CVE-2017-7755,CVE-2017-7756,CVE-2017-7757,CVE-2017-7758,CVE-2017-7760,CVE-2017-7761,CVE-2017-7763,CVE-2017-7764,CVE-2017-7765,CVE-2017-7766,CVE-2017-7767,CVE-2017-7768,CVE-2017-7778,CVE-2017-7779,CVE-2017-7782,CVE-2017-7784,CVE-2017-7785,CVE-2017-7786,CVE-2017-7787,CVE-2017-7791,CVE-2017-7792,CVE-2017-7793,CVE-2017-7798,CVE-2017-7800,CVE-2017-7801,CVE-2017-7802,CVE-2017-7803,CVE-2017-7804,CVE-2017-7805,CVE-2017-7807,CVE-2017-7809,CVE-2017-7810,CVE-2017-7814,CVE-2017-7818,CVE-2017-7819,CVE-2017-7823,CVE-2017-7824,CVE-2017-7825,CVE-2017-7826,CVE-2017-7828,CVE-2017-7830,CVE-2017-7843,CVE-2017-7845) References: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5399 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5413 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5430 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7765 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7845
Assignee: cjw => qa-bugs
MGA5-32 on Dell Latitude D600 Xfce No installation issues At first start iceape imported my Thunderbird settings, none bookmarks of Firefox. I could send an e-mail from iceape and browse the Mageia pages. OK for me
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
Testing M5 x64 Installed issued version, started browser 'Navigator' which immediately & correctly complained about needing to be updated. Which I did from Updates Testing. AFTER update to: iceape-2.49.1-2.mga5 This thing is a shambles. It is supposed to offer: This packages contains the web browser ("navigator"), a WYSIWYG HTML editor ("composer"), and also: "mail": an e-mail client, news reader, and address book "irc": the chatzilla IRC client There is only one binary 'iceape'; but menu items for the following applications: - IceApe Address Book This works. Common closure problem noted below. - IceApe News Brings up the e-mail program [mail], which works: I configured an e-mail account, and sent & received msgs on it. Common closure problem, below. No sign of a separate 'news reader' application. Perhaps this e-mail component does that. - IceApe Navigator The browser, which works: I am using it. I have tried all sorts of normal usage, including video with sound, all OK. Also configuring it. It is the target of the common closure problem. - ChatZilla *Does not exist* [irc]. Brings up the browser [navigator]. - IceApe Composer Brings up an HTML editor which works. Common closure problem. The application closure problem ------------------------------- What I describe I have only tried with the browser running, which I could not close because this report is being done with it... The Address Book, E-mail and Composer programs do not close properly: - Ctrl/Q - File -> Quit *both* divert to the browser, and pop up a dialogue asking about saving the open tabs before ending it. OTOH - Window close button 'X' - Alt/F4 both *do* work. This needs some work before an OK. Hence the feedback request.
Keywords: (none) => advisory, feedbackCC: (none) => lewyssmith
I see that the e-mail program *is* for news feeds also. I have just tested *without* the browser Navigator running, under KDE as previously (but not stated): - Address book - E-mail/News - Composer and all 3 *did* behave=end properly for Ctrl/Q and File->Quit. Hope this helps. Do you want bugs for that problem; and the lack of 'chat'?
Thanks for testing! About chatzilla, I noticed it disappeared and removed it from the package description in cauldron (forgot about mga6&mga5). The thing you're complaining about is the desktop entry, which is more important than a package description. I'll remove this obsolete desktop entry (in cauldron at least). iceape/seamonkey is one big application: the browser, mail&news, and HTML editor windows are not separate applications/processes. The different desktop entries can be confusing but this is a way to advertise the different features of iceape. Specifically, CTRL-Q/File->Quit quits the whole iceape application, so the behavior you describe is correct. Note that this is a (security) update - problems that already existed in the previous version (or specifically the original version in the stable mageia release) can be ignored.
Thank you Christiaan for your explanations. I see that the curious sub-application closure problem was always there, so we can ignore. > The thing you're complaining about is the desktop entry, which is more > important than a package description. I'll remove this obsolete desktop > entry (in cauldron at least). It is certainly wrong to see: - in the package description: "irc": the chatzilla IRC client - in the menus, enries for the 'chat' client which no longer exists. If it would be easy to re-make these packages without these redundant references, please do so (needs a sub-version bump). If you feel it is not worth it, please say so here, and we will pass the packages as-are. Trivial though this is, to a new M6 user (or existing user with the IRC client) it would matter - and warrant bugs. > About chatzilla, I noticed it disappeared If it is so that the previous version of iceape *had* the IRC client (I can revert & see), its disappearance also needs mentioning in the Advisory. Do you agree?
Christiaan has removed the references to Chatzilla in the package. iceape-2.49.1-3.mga5 iceape-2.49.1-3.mga6 from SRPMS: iceape-2.49.1-3.mga5.src.rpm iceape-2.49.1-3.mga6.src.rpm
Keywords: advisory, feedback => (none)Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO
CC: (none) => davidwhodginsKeywords: (none) => advisory
Installed iceape 2.48.x into 64-bit Mageia 5, and worked on setting it up. Thunderbird settings were imported automatically, and Firefox bookmarks imported. I had to go back in time nearly 15 years for this one. Iceape/SeaMonkey works much like the old Netscape suite, before Mozilla split it off into Firefox and Thunderbird. A few points: Herman, Iceape can import bookmarks from Firefox, but it isn't automatic. You have to export them from Firefox as an HTML file, then import them from Iceape. Lewis, "News" is what became Thunderbird. It is both an email client and a newsgroup client. I haven't run into the window closure problem you mention, but then as yet I have not used it very much. Chatzilla is still available as a browser extension, but it is a "legacy" extension, so as with Firefox, even if it works now it probably won't after the next iceape update. After updating to version 2.49.1-3, the first window I opened was the browser, and that took me directly to the release notes. Lots of information there, including a notice that Chatzilla is no longer included. I looked at some web pages, read some newsgroup messages, attempted unsuccessfully to find an ad blocker extension that would work, and left. This app appears to be working as designed. Giving it the OK for MGA5-64
CC: (none) => andrewsfarmWhiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
The Mageia 64-bit version acts the same. Giving it the OK, too.
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Installed new version, surfed and checked and sent mail. OK to me.
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA5-32-OK
(In reply to David Walser from comment #7) > Christiaan has removed the references to Chatzilla in the package. Thank you for that. And sorry for so much noise about it. Last look at : iceape-2.49.1-3.mga6 The 'chatzilla' menu entry has indeed gone. Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0018.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED