---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Debian update for icedove SECUNIA ADVISORY ID: SA33434 VERIFY ADVISORY: http://secunia.com/advisories/33434/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 4.0 http://secunia.com/advisories/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/advisories/product/530/ DESCRIPTION: Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, conduct cross-site scripting attacks, or to potentially compromise a user's system. For more information: SA32007 SA32715 SA33205 SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz Size/MD5 checksum: 632912 934c1af8ef52f687bd76100e038f031e http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz Size/MD5 checksum: 35464904 bc7d4a8ac66249e890cc6b8053e1c403 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc Size/MD5 checksum: 1352 50f9d989748dcdc3b4fbe3dfe5c511e0 Architecture independent packages: http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30358 bda7c5e419dc5d8a9bce681f985b7b54 http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30344 440f59303f23a8b51555ec44536bc610 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30344 85cca8031c7e802bbe8da34c57f4f49e http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30332 1d7b977f1f636a6119fecbaa5209b123 http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30352 ac038bd3bfa58b2bd8de442a71e6e244 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30352 43ad195fe32dc2fb2e94513fbf91a77c http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30312 cbe2956ce57f0d8c4c8ff97ab3e2b73e http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30324 6a39034c09e4126bb21cdc23c2487939 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30330 a16f184ecc39515f32fa6083b617641b http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30338 242b59c55d9dee9589bb59fbd6658dc6 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 3962856 19a9dc3a453f2ca162e6e5bba2c689b6 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 13483784 7fcca7955d98bb3a15f6ec99d6639771 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 200634 057601dd1afc618d5f13e42c085f86c5 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 54840 c88c725218fc24b4a0b3190af5ac5a65 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 65550 40bedd8656c7957486f18aac306f7d12 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 52488200 37055190c86d3ac57eec835a839bc419 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 62776 8d90b71b18c7d4b1d7e810f935d54e8d http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 197798 3b30dc78666876c8d0bb7b4787fdd8ca http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 3953624 6475fbe0b2b1c80b09028089ba67221d http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 53318 b9ec720b8da400758255f239813c20aa http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 51569938 8f68e2681ee04a4db5f91ab45b5f86e3 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 12217532 43120cb3e4a16da07e47876b71cf55e3 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 3926916 2471690066542ca1e81b565feeed8e70 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 10910920 b80811bcd6f906f9464be3164efaddf6 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 60542 f12328fb2be467a5ab8c664df5f166ec http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 50937432 355819c441f0af0756534c1b1d6befd7 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 48438 84bf5cd63df4c78e1f7f7a46459e3163 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 191338 e0866c1938dd6cf6463a6b8c0ccc4789 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 52398756 9bfa968bcce1f1d84aead2c343d02433 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 3961020 8baebf6bcb9006393313f31a6bb02db0 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 202134 738c0a03afd26aa91c156d563d0de1cc http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 55074 fc4d7d7e32182f0f1861ae5d06540db2 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 67312 b5e4ae6d90452f2232a22161f8bb83da http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 13655932 a02bb8a7403602059fedafe832531844 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 10950918 c972632df916e3304ae1657a2b301fdc http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 192848 1fcb52f25725a7c106e12f29ef73bbe8 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 49112 1d2b378e81e1753d0428e220a24e16cc http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 59682 3d90785a8070f5a1e5711a0981abf800 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 3950506 8bfd66cc1708346cac4cb92b099925ec http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 50850480 dbdbc7041b916f6e59dcac3ece619244 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 51880702 56164c298160502414409173c1f04e13 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 206440 13c15460c07d898861196040360a773b http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 61352 6ea0c96ac063352e976c4466f6693445 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 75818 82b63c4e7a04d88563ebb026ab5442d7 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 3731302 69346f41cb47056702efc0681657c510 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 16577294 3146e1c829f3d194c388077931a47485 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 53214602 6207f3135c941b7348219ede580b6c92 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 194438 84bef6e50347e0421f667e1148f85a6d http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 49608 079ed1d622c23e8ef856e05f31435649 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 3951628 f88b22d4ed68158bacbd5c51faf8e563 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 60046 7afd997c7631d1e458a4c0075ba4cbbe http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 11625186 e9166ce3e1de56e78022e70a28bdd0e8 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 60396 3baa5cba57929c4401731de9039bb6c7 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 51774640 c89a79f9cbf93b583d1afd60ec8fc70d http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 11373928 e83d17a1d63b8857d49b1efc9d74d586 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 50710 7d8aa386b329e2d93f7fc85f245261a4 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 3686850 67e7b75dd18d74fb45b3278cafa88db1 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 193734 9522b8f3bf9570de7f99f7b0ae5744e0 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 194474 aede4ace924b89ae12e6556a8444cc11 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 62158 fef7361f1431e623e45fe8033060ab0d http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 53398506 c55370e9adb2b7d7f176ea43eea77f90 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 11822454 3f7a8180cb276529fa883c702f28840f http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 51334 ce1f2fb8863a23314f922a7b7fded0a1 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 3681454 f2597c093b57efdca38a5c9ba9fb6622 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 3676578 3fbc08c0bba5dd0f14bf160018ec7034 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 59830 f39bda160f8d21f97bdc46ff37000898 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 49828 9cd015183ad1200e00bb0a6b4a5b544a http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 50726490 7dae68f748ccc5102320f4850170f946 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 11132208 8f00b97ee223c42904e2af342222b363 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 191926 54388142eaa943f4a31934c0ee111a74 -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.0.0.19-1. ORIGINAL ADVISORY: DSA-1696-1: http://lists.debian.org/debian-security-announce/2009/msg00003.html OTHER REFERENCES: SA32007: http://secunia.com/advisories/32007/ SA32715: http://secunia.com/advisories/32715/ SA33205: http://secunia.com/advisories/33205/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------