CVE-2007-3734 Multiple unspecified vulnerabilities

Debian Bug report logs - #444010
CVE-2007-3734 Multiple unspecified vulnerabilities

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: submit@bugs.debian.org

Subject: CVE-2007-3734 Multiple unspecified vulnerabilities

Date: Tue, 25 Sep 2007 14:36:42 +0200

[Message part 1 (text/plain, inline)]

Package: icedove
Version: 2.0.0.4.dfsg1-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for icedove.

CVE-2007-3734[0]:
| Multiple unspecified vulnerabilities in the browser engine in Mozilla
| Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote
| attackers to cause a denial of service (crash) via unspecified vectors
| that trigger memory corruption.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #10 received at 444010-close@bugs.debian.org (full text, mbox, reply):

From: Alexander Sack <asac@debian.org>

To: 444010-close@bugs.debian.org

Subject: Bug#444010: fixed in icedove 2.0.0.6-1

Date: Tue, 09 Oct 2007 08:47:33 +0000

Source: icedove
Source-Version: 2.0.0.6-1

We believe that the bug you reported is fixed in the latest version of
icedove, which is due to be installed in the Debian FTP archive:

icedove-dbg_2.0.0.6-1_amd64.deb
  to pool/main/i/icedove/icedove-dbg_2.0.0.6-1_amd64.deb
icedove-dev_2.0.0.6-1_amd64.deb
  to pool/main/i/icedove/icedove-dev_2.0.0.6-1_amd64.deb
icedove-gnome-support_2.0.0.6-1_amd64.deb
  to pool/main/i/icedove/icedove-gnome-support_2.0.0.6-1_amd64.deb
icedove_2.0.0.6-1.diff.gz
  to pool/main/i/icedove/icedove_2.0.0.6-1.diff.gz
icedove_2.0.0.6-1.dsc
  to pool/main/i/icedove/icedove_2.0.0.6-1.dsc
icedove_2.0.0.6-1_amd64.deb
  to pool/main/i/icedove/icedove_2.0.0.6-1_amd64.deb
icedove_2.0.0.6.orig.tar.gz
  to pool/main/i/icedove/icedove_2.0.0.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 444010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <asac@debian.org> (supplier of updated icedove package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 08 Oct 2007 12:09:42 +0000
Source: icedove
Binary: icedove-dev icedove icedove-gnome-support icedove-dbg
Architecture: source amd64
Version: 2.0.0.6-1
Distribution: unstable
Urgency: low
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: Alexander Sack <asac@debian.org>
Description: 
 icedove    - free/unbranded thunderbird mail/news/rss clone
 icedove-dbg - Debug Symbols for Icedove
 icedove-dev - Development files for Icedove
 icedove-gnome-support - Support for Gnome in Icedove
Closes: 443454 444010
Changes: 
 icedove (2.0.0.6-1) unstable; urgency=low
 .
   * new upstream release 2.0.0.6-1 fixes various security issues
    (Closes: #444010):
     - MFSA 2007-18 aka CVE-2007-3734, CVE-2007-3735 - Crashes with evidence of
       memory corruption (rv:1.8.1.5).
     - MFSA 2007-23 aka CVE-2007-3670 - Remote code execution by launching
       Firefox from Internet Explorer (doesn't apply to linux).
     - MFSA 2007-26 aka CVE-2007-3844 - Privilege escalation through
       chrome-loaded about:blank windows.
     - MFSA 2007-27 aka # CVE-2007-3845 - Unescaped URIs passed to external
       programs.
   * debian/patches/debian/patches/credits-rebranding: refresh patch because of
     code-base change in new upstream release.
   * debian/patche/bz389801_deb443454_fix_gtk_theme_crashes.patch,series:
        import fix for theme crashes from bugzilla (Closes: 443454).
Files: 
 3010de28792f6415dbea05a1873efa50 1727 mail optional icedove_2.0.0.6-1.dsc
 d1030ebe56ab01c757b0d5488bed0c05 34063528 mail optional icedove_2.0.0.6.orig.tar.gz
 747c390164d07d4945d3b769a3abc5d9 98958 mail optional icedove_2.0.0.6-1.diff.gz
 24ebff1cfdddb31c940b8cc5f78f0b1e 12220920 mail optional icedove_2.0.0.6-1_amd64.deb
 eb45ed474037c167baff8e13c85893ae 44412 mail optional icedove-gnome-support_2.0.0.6-1_amd64.deb
 17b86a3fabde369e2857a0c2c39fe811 56938268 mail optional icedove-dbg_2.0.0.6-1_amd64.deb
 7955b286dbaa0a3507d262601e72dad8 3728368 mail optional icedove-dev_2.0.0.6-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBRwon9qBE/gcUDGZkAQIdbA/+M3nG+deowBDsO4PvW1vdUI3t+4EjPexL
IKkd3YDv3IL191IUyaVSwMlUWcaGZnnGb6U2HHByhvhZ5Ya8Rf+8qM5hHGJ4Hfp4
iztJwEoIIg+6LcMPVdQLFjrgdVGjv5+/maWWWf9qGhND3mlo5icly+1QATiOYtVX
YWjo3Nkn3nbokS9CZl/5fxOddv4t/ixclsixiJfHup4sghwIiDm/HOayk5SElrIk
qHDc0qElNkAcQpvf6bL5zD3CsdS1qub67n2Zg8zcRDNCZu6rZZS6+L8KpswyPwL6
BlTTCwMgQVzMvcsgox8lQ+OwnFdhKeZglQD8AsirDeHG5Iy0EltEb8t/O3s8tJbj
16uUyM6+m3daC6rgfbsVaRIl5z25ZBamICam/7As2w4Mm0dct9RWnZoMTIDsuI+Y
oXLKK7PwkiBk9FqFjNE0htIMSzPY3S32yxmgYXGXQ8GYxxVQXunCICTrnQVKhLof
tB8AqC8JAVEhyfX1858gaVtJLYTkxnV/ypxA277BFeSkKmmoKfmlWHU+IKlgqyg1
l9vE3soSlY91DmXA1q0oHeTS9CASlWSRyKKJwtu+nQJ8/kLyw+Mrs/LCsdvnwhBC
vYb8CCROqrQumYF39urdftne6md3QxT4sKUSGhSkno20z0zS12m8oEqaNI1f+YyL
9qEnLp0vbx4=
=dhq/
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.