Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/glsa-201701-15.xml
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2017-01-04 16:26:25 +0100
committerThomas Deutschmann <whissi@gentoo.org>2017-01-04 16:26:25 +0100
commit082d2e572755d30ba7143486447cd92b21352f36 (patch)
treef83059d43128e52cf4ebe08dfcba99b72fefd288 /glsa-201701-15.xml
parentAdd GLSA 201701-15 (diff)
downloadglsa-082d2e572755d30ba7143486447cd92b21352f36.tar.gz
glsa-082d2e572755d30ba7143486447cd92b21352f36.tar.bz2
glsa-082d2e572755d30ba7143486447cd92b21352f36.zip
Fix GLSA 201701-15
Not all CVEs listed were resolved in the www-client/seamonkey{,-bin} version in Gentoo repository. Therefore, SeaMonkey was removed from the GLSA and a separate GLSA addressing the outstanding Mozilla SeaMonkey vulnerabilities will be published as soon as possible.
Diffstat (limited to 'glsa-201701-15.xml')
-rw-r--r--glsa-201701-15.xml75
1 files changed, 11 insertions, 64 deletions
diff --git a/glsa-201701-15.xml b/glsa-201701-15.xml
index 893c2fe8..5209b617 100644
--- a/glsa-201701-15.xml
+++ b/glsa-201701-15.xml
@@ -1,16 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-15">
- <title>Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities</title>
- <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox,
- SeaMonkey, and Thunderbird the worst of which could lead to the execution
- of arbitrary code.
+ <title>Mozilla Firefox, Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+ Thunderbird the worst of which could lead to the execution of arbitrary
+ code.
</synopsis>
- <product type="ebuild">firefox, thunderbird, seamonkey</product>
+ <product type="ebuild">firefox, thunderbird</product>
<announced>January 03, 2017</announced>
- <revised>January 03, 2017: 1</revised>
- <bug>539242</bug>
- <bug>541506</bug>
+ <revised>January 04, 2017: 2</revised>
<bug>581326</bug>
<bug>590330</bug>
<bug>594616</bug>
@@ -36,28 +34,18 @@
<unaffected range="ge">45.6.0</unaffected>
<vulnerable range="lt">45.6.0</vulnerable>
</package>
- <package name="www-client/seamonkey" auto="yes" arch="*">
- <unaffected range="ge">2.38</unaffected>
- <vulnerable range="lt">2.38</vulnerable>
- </package>
- <package name="www-client/seamonkey-bin" auto="yes" arch="*">
- <unaffected range="ge">2.38</unaffected>
- <vulnerable range="lt">2.38</vulnerable>
- </package>
</affected>
<background>
<p>Mozilla Firefox is a cross-platform web browser from Mozilla. The
Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
component. The goal is to produce a cross-platform stand-alone mail
- application using XUL (XML User Interface Language). SeaMonkey is a free
- and open-source Internet suite. It is the continuation of the former
- Mozilla Application Suite, based on the same source code.
+ application using XUL (XML User Interface Language).
</p>
</background>
<description>
- <p>Multiple vulnerabilities have been discovered in Mozilla Firefox,
- SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced
- below for details.
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+ Thunderbird. Please review the CVE identifiers referenced below for
+ details.
</p>
</description>
<impact type="normal">
@@ -98,49 +86,8 @@
# emerge --ask --oneshot --verbose
"&gt;=mail-client/thunderbird-bin-45.6.0"
</code>
-
- <p>All SeaMonkey users should upgrade to the latest version:</p>
-
- <code>
- # emerge --sync
- # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-2.38"
- </code>
-
- <p>All SeaMonkey-bin users should upgrade to the latest version:</p>
-
- <code>
- # emerge --sync
- # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-bin-2.38"
- </code>
</resolution>
<references>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634">CVE-2014-8634</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635">CVE-2014-8635</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636">CVE-2014-8636</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637">CVE-2014-8637</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638">CVE-2014-8638</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639">CVE-2014-8639</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640">CVE-2014-8640</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641">CVE-2014-8641</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642">CVE-2014-8642</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819">CVE-2015-0819</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820">CVE-2015-0820</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821">CVE-2015-0821</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822">CVE-2015-0822</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823">CVE-2015-0823</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824">CVE-2015-0824</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825">CVE-2015-0825</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826">CVE-2015-0826</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827">CVE-2015-0827</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828">CVE-2015-0828</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829">CVE-2015-0829</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830">CVE-2015-0830</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831">CVE-2015-0831</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832">CVE-2015-0832</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833">CVE-2015-0833</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834">CVE-2015-0834</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835">CVE-2015-0835</uri>
- <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836">CVE-2015-0836</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2804">CVE-2016-2804</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2805">CVE-2016-2805</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2806">CVE-2016-2806</uri>
@@ -218,5 +165,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9905">CVE-2016-9905</uri>
</references>
<metadata tag="requester" timestamp="Mon, 02 Jan 2017 23:32:38 +0000">b-man</metadata>
- <metadata tag="submitter" timestamp="Tue, 03 Jan 2017 12:54:04 +0000">b-man</metadata>
+ <metadata tag="submitter" timestamp="Wed, 04 Jan 2017 14:37:04 +0000">b-man</metadata>
</glsa>