Debian Security Advisory
DSA-2437-1 icedove -- several vulnerabilities
- Date Reported:
- 21 Mar 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461.
- More information:
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure.
Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze8.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your icedove packages.