Debian Security Advisory
DSA-2513-1 iceape -- several vulnerabilities
- Date Reported:
- 17 Jul 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-1948, CVE-2012-1954, CVE-2012-1967.
- More information:
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code.
Abhishek Arya discovered a use-after-free problem in nsDocument::AdoptNode that may lead to the execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-14.
For the unstable (sid) and testing (wheezy) distribution, this problem will be fixed soon.
We recommend that you upgrade your iceape packages.