Debian Bug report logs -
#444010
CVE-2007-3734 Multiple unspecified vulnerabilities
Reported by: Nico Golde <nion@debian.org>
Date: Tue, 25 Sep 2007 12:39:01 UTC
Severity: grave
Tags: security
Found in version icedove/2.0.0.4.dfsg1-2
Fixed in version icedove/2.0.0.6-1
Done: Alexander Sack <asac@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Alexander Sack <asac@debian.org>
:
Bug#444010
; Package icedove
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
New Bug report received and forwarded. Copy sent to Alexander Sack <asac@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: icedove
Version: 2.0.0.4.dfsg1-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for icedove.
CVE-2007-3734[0]:
| Multiple unspecified vulnerabilities in the browser engine in Mozilla
| Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote
| attackers to cause a denial of service (crash) via unspecified vectors
| that trigger memory corruption.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Reply sent to Alexander Sack <asac@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 444010-close@bugs.debian.org (full text, mbox, reply):
Source: icedove
Source-Version: 2.0.0.6-1
We believe that the bug you reported is fixed in the latest version of
icedove, which is due to be installed in the Debian FTP archive:
icedove-dbg_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove-dbg_2.0.0.6-1_amd64.deb
icedove-dev_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove-dev_2.0.0.6-1_amd64.deb
icedove-gnome-support_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove-gnome-support_2.0.0.6-1_amd64.deb
icedove_2.0.0.6-1.diff.gz
to pool/main/i/icedove/icedove_2.0.0.6-1.diff.gz
icedove_2.0.0.6-1.dsc
to pool/main/i/icedove/icedove_2.0.0.6-1.dsc
icedove_2.0.0.6-1_amd64.deb
to pool/main/i/icedove/icedove_2.0.0.6-1_amd64.deb
icedove_2.0.0.6.orig.tar.gz
to pool/main/i/icedove/icedove_2.0.0.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 444010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Sack <asac@debian.org> (supplier of updated icedove package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 08 Oct 2007 12:09:42 +0000
Source: icedove
Binary: icedove-dev icedove icedove-gnome-support icedove-dbg
Architecture: source amd64
Version: 2.0.0.6-1
Distribution: unstable
Urgency: low
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: Alexander Sack <asac@debian.org>
Description:
icedove - free/unbranded thunderbird mail/news/rss clone
icedove-dbg - Debug Symbols for Icedove
icedove-dev - Development files for Icedove
icedove-gnome-support - Support for Gnome in Icedove
Closes: 443454 444010
Changes:
icedove (2.0.0.6-1) unstable; urgency=low
.
* new upstream release 2.0.0.6-1 fixes various security issues
(Closes: #444010):
- MFSA 2007-18 aka CVE-2007-3734, CVE-2007-3735 - Crashes with evidence of
memory corruption (rv:1.8.1.5).
- MFSA 2007-23 aka CVE-2007-3670 - Remote code execution by launching
Firefox from Internet Explorer (doesn't apply to linux).
- MFSA 2007-26 aka CVE-2007-3844 - Privilege escalation through
chrome-loaded about:blank windows.
- MFSA 2007-27 aka # CVE-2007-3845 - Unescaped URIs passed to external
programs.
* debian/patches/debian/patches/credits-rebranding: refresh patch because of
code-base change in new upstream release.
* debian/patche/bz389801_deb443454_fix_gtk_theme_crashes.patch,series:
import fix for theme crashes from bugzilla (Closes: 443454).
Files:
3010de28792f6415dbea05a1873efa50 1727 mail optional icedove_2.0.0.6-1.dsc
d1030ebe56ab01c757b0d5488bed0c05 34063528 mail optional icedove_2.0.0.6.orig.tar.gz
747c390164d07d4945d3b769a3abc5d9 98958 mail optional icedove_2.0.0.6-1.diff.gz
24ebff1cfdddb31c940b8cc5f78f0b1e 12220920 mail optional icedove_2.0.0.6-1_amd64.deb
eb45ed474037c167baff8e13c85893ae 44412 mail optional icedove-gnome-support_2.0.0.6-1_amd64.deb
17b86a3fabde369e2857a0c2c39fe811 56938268 mail optional icedove-dbg_2.0.0.6-1_amd64.deb
7955b286dbaa0a3507d262601e72dad8 3728368 mail optional icedove-dev_2.0.0.6-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQIVAwUBRwon9qBE/gcUDGZkAQIdbA/+M3nG+deowBDsO4PvW1vdUI3t+4EjPexL
IKkd3YDv3IL191IUyaVSwMlUWcaGZnnGb6U2HHByhvhZ5Ya8Rf+8qM5hHGJ4Hfp4
iztJwEoIIg+6LcMPVdQLFjrgdVGjv5+/maWWWf9qGhND3mlo5icly+1QATiOYtVX
YWjo3Nkn3nbokS9CZl/5fxOddv4t/ixclsixiJfHup4sghwIiDm/HOayk5SElrIk
qHDc0qElNkAcQpvf6bL5zD3CsdS1qub67n2Zg8zcRDNCZu6rZZS6+L8KpswyPwL6
BlTTCwMgQVzMvcsgox8lQ+OwnFdhKeZglQD8AsirDeHG5Iy0EltEb8t/O3s8tJbj
16uUyM6+m3daC6rgfbsVaRIl5z25ZBamICam/7As2w4Mm0dct9RWnZoMTIDsuI+Y
oXLKK7PwkiBk9FqFjNE0htIMSzPY3S32yxmgYXGXQ8GYxxVQXunCICTrnQVKhLof
tB8AqC8JAVEhyfX1858gaVtJLYTkxnV/ypxA277BFeSkKmmoKfmlWHU+IKlgqyg1
l9vE3soSlY91DmXA1q0oHeTS9CASlWSRyKKJwtu+nQJ8/kLyw+Mrs/LCsdvnwhBC
vYb8CCROqrQumYF39urdftne6md3QxT4sKUSGhSkno20z0zS12m8oEqaNI1f+YyL
9qEnLp0vbx4=
=dhq/
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 02 Jan 2008 07:26:31 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:29:42 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.