Bulletin d'alerte Debian

DSA-1562-1 iceape -- Erreur de programmation

Date du rapport:

28 avril 2008

Paquets concernés:

iceape

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le dictionnaire CVE du Mitre : CVE-2008-1380.

Pour plus d'information:

On a découvert que des plantages dans le moteur de JavaScript d'Iceape, une version en marque blanche de la suite internet Seamonkey, pouvait conduire à l'exécution de code arbitraire.

Pour la distribution stable (Etch), ce problème a été corrigé dans la version 1.0.13~pre080323b-0etch3.

Pour la distribution instable (Sid), ce problème a été corrigé dans la version 1.1.9-2.

Nous vous recommandons de mettre à jour vos paquets iceape.

Corrigé dans:

Debian GNU/Linux 4.0 (stable)

Source :: http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.diff.gz; http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz; http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.dsc
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch3_all.deb; http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_alpha.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_alpha.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_alpha.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_alpha.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_alpha.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_amd64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_amd64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_amd64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_amd64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_amd64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_arm.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_arm.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_arm.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_arm.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_arm.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_hppa.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_hppa.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_hppa.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_hppa.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_hppa.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_i386.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_i386.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_i386.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_i386.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_i386.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_ia64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_ia64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_ia64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_ia64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_ia64.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mips.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mips.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mips.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mips.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mips.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mipsel.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mipsel.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mipsel.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mipsel.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mipsel.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_powerpc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_powerpc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_powerpc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_powerpc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_powerpc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_s390.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_s390.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_s390.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_s390.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_s390.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_sparc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_sparc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_sparc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_sparc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_sparc.deb; http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.