----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Debian update for iceape

SECUNIA ADVISORY ID:
SA33433

VERIFY ADVISORY:
http://secunia.com/advisories/33433/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of system
information, Exposure of sensitive information, DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for iceape. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting and spoofing attacks, bypass certain
security restrictions, disclose sensitive information or potentially
compromise a user's system.

For more information:
SA29860
SA30761
SA31984
SA32714
SA33204

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.dsc
Size/MD5 checksum: 2104 b780c722d772cde416bfbda0e6750e3f
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.diff.gz
Size/MD5 checksum: 2033694 fadf6ae5717e05ff353c52b8e90825d0
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i.orig.tar.gz
Size/MD5 checksum: 42978498 b5f28ad30d5e15dc67efa370c7f9ee59

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29248 3c5939146bfc6801b54a5e0584dca482
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29224 8027c7b507f7029d558846ad1e38db99
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 281076 80fcf72ee4e4392b44e32f052ea70456
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29232 ffa20451394a1d05f5da58116f133916
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 3667564 aec7efa1351f2f41289ec6edc5d1da6c
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 30218 3a26ed7bbcdefc06ec0f34256733ad4e
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29358 b764c962b7bc3a9fc2a2c6c723b3129c
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29222 dc21b8434b9b72375e8df9fa94a7709d
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29260 9f827631e7c410da840ca7ae095ebe2d
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 30676 a508e9e68d99676fd897ecb1095486b7
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29244 33e0809ea09959c467e1379206e605ab
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29264 fc07419a1397db4a1f65f42123864c76

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 60708202 67b1488b6549084cccfe2939ad6da1c0
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 2282516 c3e6e1ec7cd869c1205a79de1e090d7a
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 56706 44defee7a96a0a632744acdec128e152
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 200546 69a5be2dfec4f6690041bad98e80331e
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 12894314 ae3d3ef615ea4e13363a274912e1e99c
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 629450 96d8b62fdaffdbd48ade90b1e3e4e032

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 2094958 d25528c803f38c309c74427d5e0769c1
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 11683136 aff467dd69f1272dbcc1be14f0d96295
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 55488 62268a914d78526df611190dbab5e6ca
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 612120 45ce3f797e175feff8cbd20526008f7b
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 59742704 2c7625187ee32f93a01b0f822face8f7
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 197202 50ea3e1f957a8c6ca761f651f25cba39

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 56794 383de80565c8737055cbb7f854bfda21
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 200226 f22a4d3ab31ce54792c41166669ecc66
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 60588594 5ddfcb5e1feca41bef601a181ab7c86c
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 13002074 0ba6c8340786bcd476e450fd9c227444
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 2352360 74c84da1042f6509e7061f64779d37a6
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 621258 e017d448d1cbdf589c4cbc1381187ff2

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 10493838 6ae4594756d565e0e8cbd5df76011736
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 192010 9cc79d018eedc49931af793d1828bd95
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 58802216 6469dd02ef7db7da6e5ab347e6ce7d60
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 1894534 519c11b7d16a9b18f2210808ae1d0d92
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 50552 dd9e3a6356e265592d5eea54c4e44c21
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 591248 2e54c039929b804d0d7d1fd5df38171a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 664100 38ab3addca82ff3cd814265777814a89
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 206798 41237d984441d52d39fedc62d58514cf
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 59993870 48724db6f24e5b198ccd296ab5eae79d
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 15810684 ab38e3d118ee39b7f77bd0d6920f5f62
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 2819586 5b71efd5233db1081bc5c71bed2c19e5
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 64056 0841d4d6a5a5958a3ea3549f2536cbc7

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 193922 fa7ef5ff71177f2ddd6842c335ff6b0e
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 11140164 9188919a54175217153ad1b7900397cd
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 61581874 31636d074d991a80a0e7b7d314999fd2
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 601582 bdee14d2f4f81f6afa2d9b58be1d0c94
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 52124 2f6b4f92e32bc1f1afb7ee1563faad8f
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 1958828 84d9804ceea7404e213e883a970810eb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 10925674 27894883c1de817d54cc4907a382d980
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 598084 83e4d5bb9ac0d4d8e47ca121e99866ce
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 1944652 32c2318db8b4bcaa5845b532d72de713
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 193434 b3e49574473fe47d0017da5ebe20d7bc
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 59935110 dc8551b52c078a10192b9693a16ffe3b
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 51936 96f5aca01dcedbd47c0576cbb72c8b6c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 61714000 86246588c13b8ec2a2c678d2d22fb9c2
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 598244 a800be58f01cfb5e95e2fad048f1d698
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 2008442 ba78c3982162ae34e75fec4c5a942a85
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 51290 70f98cf9e61d4a05282be3b751064c86
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 194126 ed1919113692ba5fa791fa488a4f4439
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 11325232 77ae05048976e57731e988f141ae5bec

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 614074 89cf267528c6f7c35e39935d2ed4040c
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 60468932 ef714afc155664d90f19528a9fc3ecc0
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 2187836 38740bf0c2f5c87205ab9c990ea4177d
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 56036 9b3deb1020cde420c9abf02fd66efd2f
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 199010 115d1e007cf3f8731421eed4cfc6e90a
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 12300536 2811d12c7dee00fadcd9eb5c58ec8f4f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 10694130 88813d3246501a19f576e420968f688b
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 190218 c47a2036511b7338e757b2e42e035e7c
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 49148 cec70f901ce76c3710026a2635315af0
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 590140 ff8c1213e52c2d2bb0bab134db93f840
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 1904008 6b2327e75595ba38f48139a7fc4776a0
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 58609342 8c945ce7ad5f770c780ec63653c8c033

-- Debian GNU/Linux unstable alias sid --

Fixed in version 1.1.14-1.

ORIGINAL ADVISORY:
DSA-1697-1:
http://lists.debian.org/debian-security-announce/2009/msg00004.html

OTHER REFERENCES:
SA29860:
http://secunia.com/advisories/29860/

SA30761:
http://secunia.com/advisories/30761/

SA31984:
http://secunia.com/advisories/31984/

SA32714:
http://secunia.com/advisories/32714/

SA33204:
http://secunia.com/advisories/33204/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------