Multiple security updates in seamonkey 2.49.3
Assigning to the registered maintainer, who is probably already working on it (he pushed iceape-2.49.3-1.mga7 to cauldron some hours ago).
Component: RPM Packages => SecurityWhiteboard: (none) => MGA5TOOQA Contact: (none) => securityCC: (none) => marja11Assignee: bugsquad => cjw
updated packages are available for testing: SRPM: iceape-2.49.3-1.mga6.src.rpm RPMS: iceape-2.49.3-1.mga6.i586.rpm iceape-2.49.3-1.mga6.x86_64.rpm iceape-2.49.3-1.mga6.armv5tl.rpm iceape-2.49.3-1.mga6.armv7hl.rpm Advisory: Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2018-5089,CVE-2018-5091,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117,CVE-2018-5125,CVE-2018-5127,CVE-2018-5129,CVE-2018-5130,CVE-2018-5131,CVE-2018-5144,CVE-2018-5145,CVE-2018-5148,CVE-2018-5150,CVE-2018-5154,CVE-2018-5155,CVE-2018-5157,CVE-2018-5158,CVE-2018-5159,CVE-2018-5168,CVE-2018-5178,CVE-2018-5183,CVE-2018-6126) References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126
Assignee: cjw => qa-bugsCC: (none) => cjw
Tested mga6-64: Browser: general browsing, jetstream, acid3 (99%, same as Firefox, not surprisingly), youtube video, javatester for plugin, all OK email: Send/recieve/move/delete under SMTP/IMAP all OK.
CC: (none) => wrw105Whiteboard: MGA5TOO => MGA5TOO mga6-64-ok has_procedure
tested mga6-32 as above under virtualbox. All OK
Whiteboard: MGA5TOO mga6-64-ok has_procedure => MGA5TOO mga6-64-ok has_procedure mga6-32-ok
On the basis of Bill Wilkinson's tests, this update could be validated for MGA6. But, the packages for MGA5 are still needed before validation can take place.
CC: (none) => andrewsfarm
Mageia 5, x86_64 Updated all repositories but MageiaUpdate could not find Iceape. Commandline search failed also. # urpmi --search-media Testing iceape No package named iceape The latest version for mga5 appears to be 2.49.1.3: # urpmq -i iceape | grep mga5 [...] Release : 1.mga5 Source RPM : iceape-2.46-1.mga5.src.rpm Release : 1.mga5 Source RPM : iceape-2.48-1.mga5.src.rpm Release : 3.mga5 Source RPM : iceape-2.49.1-3.mga5.src.rpm rpmfind agrees. Not pushed to updates testing yet?
CC: (none) => tarazed25
Re-assigning back to Christiaan. Please reassign back to qa when the mga5 update has been pushed, or remove the mga5too whiteboard tag.
CC: (none) => davidwhodginsAssignee: qa-bugs => cjw
Sorry, I did not notice the mga5 tag (obviously). Anyway, I now removed the MGA5TOO whiteboard tag since I can't get this package to build on the build system for i586 mga5.
Whiteboard: MGA5TOO mga6-64-ok has_procedure mga6-32-ok => mga6-64-ok has_procedure mga6-32-okAssignee: cjw => qa-bugs
As the MGATOO tag has been removed, this update can now be validated for Mageia 6. Suggested advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0338.html
Status: NEW => RESOLVEDResolution: (none) => FIXED