[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3061-1] icedove security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3061-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 31, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 
                 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client:  Multiple memory safety 
errors, buffer overflows, use-after-frees and other implementation 
errors may lead to the execution of arbitrary code or denial of service.

This update updates Iceweasel to the ESR31 series of Thunderbird. In
addition Enigmail was updated to version 1.7.2-1~deb7u1 to ensure 
compatibility with the new upstream release.

For the stable distribution (wheezy), these problems have been fixed in
version 31.2.0-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 31.2.0-1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUU/LxAAoJEBDCk7bDfE42to0QAJiX3kxGSc9+VUC7RP42IP9H
00V0iLhl2eBsOG1gtibefL6KBKRzCjOWCzMfzTd+eWZbWOCbdKV8jAaRlMkIdins
vAv/Q31C/ImrTpvjBYXLRD2kgoa6pV70D3Fl5zpWxK+Ktd+aegPhk6zIw41YdIH8
NVvGRmEIKBPYL4/kLtjX5Sod0IundH8/gqF4PubrU1SlsfGRQ8rL2chuGwA24lrl
cTzCSmrsy4VmD8mwuLS1sb+IG5dCTSltkWN6WjLp891+sZ+8pJG1R5a8EqyQmAau
2UPr/eiPMQ2Yre2Kjs7XwHNup9BSsWR7ScZEvKTOBdzj4UY/nlBarhtNJ8kNmLCZ
ZRzmgOgGJUwFkBBlYapFnCq3jEtu/4pb31pLJmsN5aiAO4gkTtlqZrlM4pncSBER
azND7iDIbNsazeHQ96VDF83repYYrLEgmhVZ4QfVTKn3sNDsVzKF5NOWHN0aMIqq
qYarP2Omw3Tx0RWrCYNkJZXvoPgwmkBnTw23DceKdrhQa/n/ToqXmskaBpXio7fl
Qf4J8OahSD10b7Md6BqoVNIIZFdcRFzUmC7KDGzqYCS07D/U/g7dVAabCeHATGIg
RiEcX/xFFYkYBbf9bWELSpkieH9C6cR9D6RzvmkES+RPc7sagU9sYjJhY4ORwGjQ
X+lYy42qnWhmQ4MPN9TI
=LHnD
-----END PGP SIGNATURE-----


Reply to: