Description of problem: A number of critical security vulnerabilities have been found in seamonkey 2.12.x which is the upstream of iceape 2.12.1. They have been fixed in version 2.14 while version 2.14.1 fixes several functional regressions in that release.
Status: NEW => ASSIGNEDAssignee: bugsquad => cjw
An updated package is ready for testing. Source RPM: iceape-2.14.1-1.mga2.src.rpm Binary RPM for mga2: iceape-2.14.1-1.mga2 Proposed Advisory: Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-3982) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-3983) Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. (CVE-2012-3984) Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. (CVE-2012-3985) Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. (CVE-2012-3986) Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. (CVE-2012-3988) Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. (CVE-2012-3989) Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. (CVE-2012-3991) Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. (CVE-2012-3994) The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. (CVE-2012-3993) The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. (CVE-2012-4184) Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. (CVE-2012-3992) The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2012-3995) Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4179) Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2012-4180) Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4181) Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4182) Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4183) Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4185) Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2012-4186) Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. (CVE-2012-4187) Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2012-4188) Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. (CVE-2012-3990) The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2012-4190) The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2012-4191) Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. (CVE-2012-4192) Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. (CVE-2012-4193) Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. (CVE-2012-4194) The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. (CVE-2012-4195) Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. (CVE-2012-4196) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-5842) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-5843) Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. (CVE-2012-4202) The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.(CVE-2012-4201) Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. (CVE-2012-5836) The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. (CVE-2012-4204) Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. (CVE-2012-4205) The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. (CVE-2012-4208) Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. (CVE-2012-5841) The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. (CVE-2012-4207) Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. (CVE-2012-4209) Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4212) Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4213) Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. (CVE-2012-4214) Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4215) Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4216) Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4217) Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-4218) Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2012-5829) Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2012-5839) Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. (CVE-2012-5840) Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. (CVE-2012-5830) The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. (CVE-2012-5833) Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. (CVE-2012-5835) The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. (CVE-2012-5838) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4217 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4218 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843
Assignee: cjw => qa-bugs
Can't install it on Mageia 2 x86-64. # rpm -qv task-obsolete task-obsolete-2-20.mga2 # urpmq --obsoletes task-obsolete|grep iceape task-obsolete: iceape task-obsolete: iceape-dom-inspector task-obsolete: iceape-irc task-obsolete: iceape-js-debugger task-obsolete: iceape-mail task-obsolete: iceape-spellchecker task-obsolete: iceape[< 2.6.1-2] task-obsolete: iceape-dom-inspector[< 2.6.1-2] task-obsolete: iceape-irc[< 2.6.1-2] task-obsolete: iceape-js-debugger[< 2.6.1-2] task-obsolete: iceape-mail[< 2.6.1-2] task-obsolete: iceape-spellchecker[< 2.6.1-2] task-obsolete: iceape task-obsolete: iceape-dom-inspector task-obsolete: iceape-irc task-obsolete: iceape-js-debugger task-obsolete: iceape-mail task-obsolete: iceape-spellchecker
CC: (none) => cjw, davidwhodginsWhiteboard: (none) => feedback
task-obsolete-2-20.1.mga2 doesn't get installed as update?
Yes, it got installed, but not until shortly after I'd added comment 2. I'll resume testing. Thanks.
Whiteboard: feedback => (none)
Testing complete on Mageia 2 x86-64. The only problems I noticed were that the thunderbird-enigmail plugin wasn't utilized, so encrypted messages are only working if enigmail is downloaded/installed by the user. Also, on the download page, it says "Add to Seamonkey", and the directory used is under ~/.mozilla/seamonkey, which may be somewhat confusing for new users. Otherwise looks good. Tested with email, nntp, web browsing, including flash and java applets.
Whiteboard: (none) => MGA2-64-OK
on Mageia2 32bits : updating the previous version of Iceape 2.12.1-1 (used everyday for email, newsreader, sometimes as web composer, sometimes as webbrowser) the enigmail extension working with the previous package isn't compatible with this one (it's nevertheless proposed and smoothly updated during the first launch of the updated iceape) the chatzilla extension working with the previous package is compatible with this one Testing complete and OK when updating from a previous used version... Philippe
CC: (none) => philippedidierWhiteboard: MGA2-64-OK => MGA2-64-OK MGA-32-OK
Validating the update. Could someone from the sysadmin team push the srpm iceape-2.14.1-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. See Comment 1 for the advisory. https://bugs.mageia.org/show_bug.cgi?id=8275
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0353
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED