Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2009.0014 -- [UNIX/Linux][Debian] New icedove packages fix several vulnerabilities 8 January 2009 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: icedove Publisher: Debian Operating System: Debian GNU/Linux 4.0 UNIX variants (UNIX, Linux, OSX) Impact: Execute Arbitrary Code/Commands Inappropriate Access Increased Privileges Read-only Data Access Access Confidential Data Denial of Service Provide Misleading Information Cross-site Scripting Access: Remote/Unauthenticated CVE Names: CVE-2008-5512 CVE-2008-5511 CVE-2008-5508 CVE-2008-5507 CVE-2008-5506 CVE-2008-5503 CVE-2008-5500 CVE-2008-5024 CVE-2008-5022 CVE-2008-5021 CVE-2008-5018 CVE-2008-5017 CVE-2008-5014 CVE-2008-5012 CVE-2008-4582 CVE-2008-4070 CVE-2008-4068 CVE-2008-4067 CVE-2008-4065 CVE-2008-4062 CVE-2008-4061 CVE-2008-4060 CVE-2008-4059 CVE-2008-4058 CVE-2008-3835 CVE-2008-1380 CVE-2008-0016 Ref: AL-2008.0129 AL-2008.0114 ESB-2008.0937 Original Bulletin: http://www.debian.org/security/2008/dsa-1696 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running icedove check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------ Debian Security Advisory DSA-1696-1 security@debian.org http://www.debian.org/security/ Steffen Joeris January 07, 2009 http://www.debian.org/security/faq - - ------------------------------------------------------------------------ Package : icedove Vulnerability : several vulnerabilities Problem type : remote Debian-specific: no CVE ID : CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) CVE-2008-1380 It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20) CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain characters. (MFSA 2008-44) CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44) CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47 MFSA 2008-59) CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. (MFSA 2008-52) CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68) For the stable distribution (etch) these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for s390 will be provided later. For the upcoming stable distribution (lenny) these problems will be fixed soon. For the unstable (sid) distribution these problems have been fixed in version 2.0.0.19-1. We recommend that you upgrade your icedove packages. Upgrade instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz Size/MD5 checksum: 632912 934c1af8ef52f687bd76100e038f031e http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz Size/MD5 checksum: 35464904 bc7d4a8ac66249e890cc6b8053e1c403 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc Size/MD5 checksum: 1352 50f9d989748dcdc3b4fbe3dfe5c511e0 Architecture independent packages: http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30358 bda7c5e419dc5d8a9bce681f985b7b54 http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30344 440f59303f23a8b51555ec44536bc610 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30344 85cca8031c7e802bbe8da34c57f4f49e http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30332 1d7b977f1f636a6119fecbaa5209b123 http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30352 ac038bd3bfa58b2bd8de442a71e6e244 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30352 43ad195fe32dc2fb2e94513fbf91a77c http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30312 cbe2956ce57f0d8c4c8ff97ab3e2b73e http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30324 6a39034c09e4126bb21cdc23c2487939 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30330 a16f184ecc39515f32fa6083b617641b http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb Size/MD5 checksum: 30338 242b59c55d9dee9589bb59fbd6658dc6 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 3962856 19a9dc3a453f2ca162e6e5bba2c689b6 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 13483784 7fcca7955d98bb3a15f6ec99d6639771 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 200634 057601dd1afc618d5f13e42c085f86c5 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 54840 c88c725218fc24b4a0b3190af5ac5a65 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 65550 40bedd8656c7957486f18aac306f7d12 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb Size/MD5 checksum: 52488200 37055190c86d3ac57eec835a839bc419 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 62776 8d90b71b18c7d4b1d7e810f935d54e8d http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 197798 3b30dc78666876c8d0bb7b4787fdd8ca http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 3953624 6475fbe0b2b1c80b09028089ba67221d http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 53318 b9ec720b8da400758255f239813c20aa http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 51569938 8f68e2681ee04a4db5f91ab45b5f86e3 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb Size/MD5 checksum: 12217532 43120cb3e4a16da07e47876b71cf55e3 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 3926916 2471690066542ca1e81b565feeed8e70 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 10910920 b80811bcd6f906f9464be3164efaddf6 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 60542 f12328fb2be467a5ab8c664df5f166ec http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 50937432 355819c441f0af0756534c1b1d6befd7 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 48438 84bf5cd63df4c78e1f7f7a46459e3163 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb Size/MD5 checksum: 191338 e0866c1938dd6cf6463a6b8c0ccc4789 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 52398756 9bfa968bcce1f1d84aead2c343d02433 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 3961020 8baebf6bcb9006393313f31a6bb02db0 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 202134 738c0a03afd26aa91c156d563d0de1cc http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 55074 fc4d7d7e32182f0f1861ae5d06540db2 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 67312 b5e4ae6d90452f2232a22161f8bb83da http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb Size/MD5 checksum: 13655932 a02bb8a7403602059fedafe832531844 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 10950918 c972632df916e3304ae1657a2b301fdc http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 192848 1fcb52f25725a7c106e12f29ef73bbe8 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 49112 1d2b378e81e1753d0428e220a24e16cc http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 59682 3d90785a8070f5a1e5711a0981abf800 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 3950506 8bfd66cc1708346cac4cb92b099925ec http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb Size/MD5 checksum: 50850480 dbdbc7041b916f6e59dcac3ece619244 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 51880702 56164c298160502414409173c1f04e13 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 206440 13c15460c07d898861196040360a773b http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 61352 6ea0c96ac063352e976c4466f6693445 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 75818 82b63c4e7a04d88563ebb026ab5442d7 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 3731302 69346f41cb47056702efc0681657c510 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb Size/MD5 checksum: 16577294 3146e1c829f3d194c388077931a47485 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 53214602 6207f3135c941b7348219ede580b6c92 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 194438 84bef6e50347e0421f667e1148f85a6d http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 49608 079ed1d622c23e8ef856e05f31435649 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 3951628 f88b22d4ed68158bacbd5c51faf8e563 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 60046 7afd997c7631d1e458a4c0075ba4cbbe http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb Size/MD5 checksum: 11625186 e9166ce3e1de56e78022e70a28bdd0e8 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 60396 3baa5cba57929c4401731de9039bb6c7 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 51774640 c89a79f9cbf93b583d1afd60ec8fc70d http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 11373928 e83d17a1d63b8857d49b1efc9d74d586 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 50710 7d8aa386b329e2d93f7fc85f245261a4 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 3686850 67e7b75dd18d74fb45b3278cafa88db1 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb Size/MD5 checksum: 193734 9522b8f3bf9570de7f99f7b0ae5744e0 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 194474 aede4ace924b89ae12e6556a8444cc11 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 62158 fef7361f1431e623e45fe8033060ab0d http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 53398506 c55370e9adb2b7d7f176ea43eea77f90 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 11822454 3f7a8180cb276529fa883c702f28840f http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 51334 ce1f2fb8863a23314f922a7b7fded0a1 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb Size/MD5 checksum: 3681454 f2597c093b57efdca38a5c9ba9fb6622 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 3676578 3fbc08c0bba5dd0f14bf160018ec7034 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 59830 f39bda160f8d21f97bdc46ff37000898 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 49828 9cd015183ad1200e00bb0a6b4a5b544a http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 50726490 7dae68f748ccc5102320f4850170f946 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 11132208 8f00b97ee223c42904e2af342222b363 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb Size/MD5 checksum: 191926 54388142eaa943f4a31934c0ee111a74 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkllHk0ACgkQXm3vHE4uylpc3wCfb1lyGUJ+/N9zFaLJqCZeiH31 hUMAn3TBJgftWP2rUePL7CJUxJC2smY9 =SeoM - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBSWVJsCh9+71yA2DNAQKTCQP9HKCiXgsC9j8aCySRX7CfYD4gSVgq5BZV cj7pi7yLCGWk5h1/+CiECEFbcD1C+C9JeGRZZ6u/PRIWvsw7BHjiQCLX011H1ZGm SGndcrxzrvauXa8CP3OvUK/nnPGwyERcFOq2rg8O8hfPsUnSvvQnvsggyWqFxbSO qDvgBcD37Tg= =iq8B -----END PGP SIGNATURE-----