This CVE is fixed in Seamonkey 2.7. The Cauldron package is also affected.
Hi, thanks for reporting this bug. Assigned to the package maintainer. (I guess we have a lot of other sec fix missing for iceape) (Please set the status to 'assigned' if you are working on it)
Keywords: (none) => TriagedCC: (none) => doktor5000Assignee: bugsquad => cjw
Florian has notified me that this old version of Iceape is not vulnerable to particular CVE: https://bugs.mageia.org/show_bug.cgi?id=4512#c4 However, it is vulnerable to others and still should be updated.
Ping ?
ping ?
It may be not susceptible to this particular CVE, but from a short look maybe to 3 or 4 *dozens* of other vulnerabilities. As i've written in my mail about iceape on -dev mailing list, i've updated it locally to the -then-recent version 2.7.2, and attached the svn diff, but didn't commit yet due to the new version causing freezes when closing tabs with middle mouse click, which is what i'd call a serious regression. But also completed the rebranding and fixed some other issues. I'm available if someone wants help with working on this, also sent my work to Stormi (or was it Remmy?) because he wanted to keep iceape alive, but feared that the package would be too big for him. But we definitely need to find a new maintainer for it who does the updates. If not, i think i can work on this some more for one update to a current version (debian has iceape-2.7.4, there are also no newer branding patches available, f.ex. for 2.8 or 2.9) but i'd prefer if someone else could continue my work. Just ping me, then i'll send my tarball or commit my changes if someone wants to build on them.
Security updates for iceape are not exactly simple since most fixes are only released in new versions. For firefox there's an ESR but this does not exist for seamonkey (upstream name which we can't use due to trademark licensing issues). Debian does update its package this way but I don't see how they get the advisories and any certainty the full codebase was tested. The source for such 2.7.x 'releases' should be in the repository where thunderbird ESRs are tagged. Since I had no luck with 2.7-2.9 builds (for cauldron), I prepared an iceape 2.10.1 package instead on cauldron and then backported it to mga1. So far I have not encountered any problems[1]. All subpackages are now merged into one big package which is bad for a security update but maybe it can be accepted anyway, since: - it only removes a bit of choice to not install certain parts, using more disk space, but presumably iceape users appreciate it's an integrated suite - upstream apparently wants people to upgrade to the latest version - I'm not aware of any significant UI changes Differences for the mga1 'backport' compared to my local cauldron package: bundled png, sqlite, and vpx libraries are used instead of system libraries because mga1 does not have the required versions (vpx could be disabled since webm support is a new feature AFAIK). Also, the dictionaries are searched in /usr/share/dict/mozilla instead of the new default /usr/share/hunspell . Should I try to upload this package to mga1 updates_testing? [1] the language packs cause a bunch of tabs to open after the upgrade with warnings but AFAIK this is an old issue caused by shipping them as extensions instead of built-in packages
Update iceape-2.10.1-1.mga1 (from iceape-2.10.1-1.mga1.src.rpm) built by Christiaan. Thanks Christiaan! Now we just need an advisory.
Update ready for testing. Source RPM: iceape-2.10.1-1.mga1.src.rpm Binary RPM: iceape-2.10.1-1.mga1 Advisory: ======================== Updated iceape packages fix security vulnerabilities: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2374). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2376). Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365 (CVE-2011-2364). Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364 (CVE-2011-2365). Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document (CVE-2011-2373). Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image (CVE-2011-2377). Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object (CVE-2011-2371). Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback (CVE-2011-0083). Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback (CVE-2011-2363). Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater (CVE-2011-0085). Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers (CVE-2011-2362). The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2011-2991). The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2011-2992). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2985). The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801 (CVE-2011-2993). The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer" (CVE-2011-0084). The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects (CVE-2011-2990). Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170 (CVE-2011-2999). Google Chrome user alibo encountered an active "man in the middle" (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were issued and in active use but the full extent of the compromise is not known. For the protection of our users Mozilla has removed the DigiNotar root certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor (MFSA 2011-34). As more information has come to light about the attack on the DigiNotar Certificate Authority we have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in our previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority. Importantly this list of distrusted certificates includes the "PKIOverheid" (PKIGovernment) intermediates under DigiNotar's control that did not chain to DigiNotar's root and were not previously blocked (MFSA 2011-35). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2995). Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values (CVE-2011-3000). Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site (CVE-2011-2372). Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages (CVE-2011-3670). Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding (CVE-2011-3648). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-3651). Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug (CVE-2011-3650). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0442). Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file (CVE-2012-0444). Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document (CVE-2012-0449). Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation (CVE-2011-3026). Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue (CVE-2012-0455). The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read (CVE-2012-0456). Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context (CVE-2012-0458). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0461). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0467). Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set (CVE-2012-0471). Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set (CVE-2012-0477). Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak" (CVE-2011-1187). jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code (CVE-2012-1939). To prevent this update from being delayed further, all subpackages for the separate components are now included in the main iceape package. Updated Packages: iceape-2.10.1-1.mga1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html http://www.mozilla.org/security/announce/2011/mfsa2011-35.html ======================== As reported earlier the security issue originally named in this bug does not affect the iceape package in mga1 so I changed the name. Cauldron was fixed by removing the iceape package before mga2 release.
Status: NEW => ASSIGNEDCC: (none) => cjwAssignee: cjw => qa-bugsSummary: iceape new security issue CVE-2012-0452 => multiple iceape security issues fixed in 2.7
update validated on x86_64 testing involved general browsing, setting up an email account, connected to irc channel, added contacts, composed email. All work as expected
CC: (none) => derekjenn
Whiteboard: (none) => MGA1-64-OK
# urpmi --debug iceape <snip> search_packages: found iceape-2.0.14-2.mga1.i586 matching iceape search_packages: found iceape-2.10.1-1.mga1.i586 matching iceape found package(s): iceape-2.0.14-2.mga1.i586 iceape-2.10.1-1.mga1.i586 opening rpmdb (root=, write=) chosen iceape-2.10.1-1.mga1.i586 for iceape|iceape selecting iceape-2.10.1-1.mga1.i586 installed package eclipse-swt-3.6.2-12.1.mga1.i586 is conflicting with iceape-2.10.1-1.mga1.i586 (Conflicts: mozilla) set_rejected: eclipse-swt-3.6.2-12.1.mga1.i586 installed tuxguitar-1.2-7.1.mga1.i586 is conflicting because of unsatisfied eclipse-swt promoting eclipse-swt-3.6.2-12.mga1.i586 because of conflict above not selecting eclipse-swt-3.6.2-12.mga1.i586 since the more recent eclipse-swt-3.6.2-12.1.mga1.i586 is installed A requested package cannot be installed: eclipse-swt-3.6.2-12.mga1.i586 (in order to keep eclipse-swt-3.6.2-12.1.mga1.i586)
CC: (none) => davidwhodgins
Dave, try uninstalling the eclipse-swt from updates_testing (and installing the previous one) and see if you can install iceape. If you can, report the issue on Bug 6611.
The eclipse-swt conflicts problem was fixed for mga2. The workaround is to remove eclipse-swt before installing iceape. Going back to a previous eclipse-swt won't help. (mozilla was the original name of seamonkey/iceape after netscape communicator was open sourced)
Testing mga1 32 Before ------ Spellcheck and java don't seem to work and flash causes a segfault. Only browser and Composer available. After ----- When started it checks addons. Ticked to install en_GB language pack. When it finished its checks it opened 23 tabs saying "Another program on your computer would like to modify iceape with the following addon, one for each language. Java works. Flash causes it to become unresponsive. email, spellcheck, irc all ok.
Christiaan I notice you commented about the 23 tabs in comment 6 so the only issue really is flash causing it to become unresponsive. It doesn't appear to be a regression, in so far as it was a segfault but is now a hang. Do you wish to look at that?
@claire thanks for the detailed report. Although I don't really care about flash, the problem you found is most likely the same with videos played through plugins (like totem-mozilla or gecko-mplayer) where iceape does not hang indefinitely but for about a minute. I just ignored it for a long time because I did not see it often (such videos are uncommon on the web I think, most are flash/silverlight or html5 video). I believe it can be 'fixed' by changing a setting: Type in the address bar: about:config (it may ask if you are sure) look for dom.ipc.plugins.enabled and set it to false. I'll disable this setting in the defaults and submit a new package.
Testing complete on Mageia 1 i586 with the srpm iceape-2.10.1-2.mga1.src.rpm Imported my settings from thunderbird. Email is working (pop3), nntp, flash on youtube and http://www.adobe.com/software/flash/about/ java applet at a speed test site, and general browsing. Removing MGA1-64-OK from the whiteboard, as it hasn't been tested with this version. I'll test Mageia 2 i586 shortly.
Whiteboard: MGA1-64-OK => MGA1-32-OK
Oops. This is only a Mageia 1 update, so just needs retesting on 64 bit.
That fixed it Christiaan. Retested everything else all OK. Validating Advisory in comment 8. SRPM: iceape-2.10.1-2.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: Triaged => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => AllWhiteboard: MGA1-32-OK => MGA1-32-OK mga1-64-OK
Hold the phone. Should we build 2.11? It looks like 2.10 may be affected by some of these issues announced today: http://www.mozilla.org/security/announce/2012/mfsa2012-42.html http://www.mozilla.org/security/announce/2012/mfsa2012-43.html http://www.mozilla.org/security/announce/2012/mfsa2012-44.html http://www.mozilla.org/security/announce/2012/mfsa2012-45.html http://www.mozilla.org/security/announce/2012/mfsa2012-46.html http://www.mozilla.org/security/announce/2012/mfsa2012-47.html http://www.mozilla.org/security/announce/2012/mfsa2012-48.html http://www.mozilla.org/security/announce/2012/mfsa2012-49.html http://www.mozilla.org/security/announce/2012/mfsa2012-50.html http://www.mozilla.org/security/announce/2012/mfsa2012-51.html http://www.mozilla.org/security/announce/2012/mfsa2012-52.html http://www.mozilla.org/security/announce/2012/mfsa2012-53.html http://www.mozilla.org/security/announce/2012/mfsa2012-54.html http://www.mozilla.org/security/announce/2012/mfsa2012-55.html http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
New update ready for testing: Source RPM: iceape-2.11-1.mga1.src.rpm Binary RPM: iceape-2.11-1.mga1 Advisory: see comment 8 (but with 'updated packages' -> iceape-2.11-1.mga1) AFAICT the security fixes in 2.11 are not reported for the version still in mga1 so we cannot list them as fixed.
Hardware: All => i586
Thanks Christiaan.
Keywords: validated_update => (none)Whiteboard: MGA1-32-OK mga1-64-OK => (none)
2.11.1 is still not showing up at http://twiska.zarb.org/mageia/distrib/1/i586/media/core/updates_testing Is there a problem with the build system?
Never mind. Misread the time, so thought it had been longer.
Testing complete on Mageia 1 i586 for the srpm iceape-2.11-1.mga1.src.rpm After installing the 2.11 version, on first start, it asked if I wanted to install the Traditional Chinese zh-TW and Ukranian UA language packs, which I allowed. Tested with email, nntp, general web browsing, flash, and a java applet.
Whiteboard: (none) => MGA1-32-OK
Testing complete mga1 x86_64 Advisory in comment 8 SRPM: iceape-2.11-1.mga1 Validating Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateHardware: i586 => AllWhiteboard: MGA1-32-OK => MGA1-32-OK mga1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0176
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED