[gentoo-announce] [ GLSA 202012-02 ] SeaMonkey: Multiple vulnerabilities - gentoo-announce

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202012-02 ] SeaMonkey: Multiple vulnerabilities
Date:	Mon, 07 Dec 2020 00:36:43
Message-Id:	`8782351f-dd32-b93a-ced4-6b1a679328cb@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202012-02

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: SeaMonkey: Multiple vulnerabilities

9

      Date: December 07, 2020

10

      Bugs: #718738, #718746

11

        ID: 202012-02

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in SeaMonkey, the worst of

19

which could result in the arbitrary execution of code.

20

21

Background

22

==========

23

24

The SeaMonkey project is a community effort to deliver

25

production-quality releases of code derived from the application

26

formerly known as "Mozilla Application Suite".

27

28

Affected packages

29

=================

30

31

     -------------------------------------------------------------------

32

      Package              /     Vulnerable     /            Unaffected

33

     -------------------------------------------------------------------

34

   1  www-client/seamonkey        < 2.53.5.1                 >= 2.53.5

35

   2  www-client/seamonkey-bin

36

                                <= 2.49.1_rc2               Vulnerable!

37

     -------------------------------------------------------------------

38

      NOTE: Certain packages are still vulnerable. Users should migrate

39

            to another package if one is available or wait for the

40

            existing packages to be marked stable by their

41

            architecture maintainers.

42

     -------------------------------------------------------------------

43

      2 affected packages

44

45

Description

46

===========

47

48

Multiple vulnerabilities have been discovered in SeaMonkey. Please

49

review referenced release notes for more details.

50

51

Impact

52

======

53

54

Please review the referenced release notes for details.

55

56

Workaround

57

==========

58

59

There is no known workaround at this time.

60

61

Resolution

62

==========

63

64

All SeaMonkey users should upgrade to the latest version:

65

66

   # emerge --sync

67

   # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.5.1"

68

69

Gentoo has discontinued support for the SeaMonkey binary package. We

70

recommend that users unmerge the SeaMonkey binary package:

71

72

  # emerge --unmerge "www-client/seamonkey-bin"

73

74

NOTE: The Gentoo developer(s) maintaining the SeaMonkey binary package

75

have discontinued support at this time. It may be possible that a new

76

Gentoo developer will update it at a later date. The alternative is

77

using the standard SeaMonkey package.

78

79

References

80

==========

81

82

[ 1 ] SeaMonkey 2.53.2 Release Notes

83

       https://www.seamonkey-project.org/releases/seamonkey2.53.2/

84

[ 2 ] SeaMonkey 2.53.3 Release Notes

85

       https://www.seamonkey-project.org/releases/seamonkey2.53.3/

86

[ 3 ] SeaMonkey 2.53.4 Release Notes

87

       https://www.seamonkey-project.org/releases/seamonkey2.53.4/

88

[ 4 ] SeaMonkey 2.53.5 Release Notes

89

       https://www.seamonkey-project.org/releases/seamonkey2.53.5/

90

[ 5 ] SeaMonkey 2.53.5.1 Release Notes

91

       https://www.seamonkey-project.org/releases/seamonkey2.53.5.1/

92

93

Availability

94

============

95

96

This GLSA and any updates to it are available for viewing at

97

the Gentoo Security Website:

98

99

  https://security.gentoo.org/glsa/202012-02

100

101

Concerns?

102

=========

103

104

Security is a primary focus of Gentoo Linux and ensuring the

105

confidentiality and security of our users' machines is of utmost

106

importance to us. Any security concerns should be addressed to

107

security@g.o or alternatively, you may file a bug at

108

https://bugs.gentoo.org.

109

110

License

111

=======

112

113

Copyright 2020 Gentoo Foundation, Inc; referenced text

114

belongs to its owner(s).

115

116

The contents of this document are licensed under the

117

Creative Commons - Attribution / Share Alike license.

118

119

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202012-02
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: SeaMonkey: Multiple vulnerabilities
9	Date: December 07, 2020
10	Bugs: #718738, #718746
11	ID: 202012-02
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in SeaMonkey, the worst of
19	which could result in the arbitrary execution of code.
20
21	Background
22	==========
23
24	The SeaMonkey project is a community effort to deliver
25	production-quality releases of code derived from the application
26	formerly known as "Mozilla Application Suite".
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 www-client/seamonkey < 2.53.5.1 >= 2.53.5
35	2 www-client/seamonkey-bin
36	<= 2.49.1_rc2 Vulnerable!
37	-------------------------------------------------------------------
38	NOTE: Certain packages are still vulnerable. Users should migrate
39	to another package if one is available or wait for the
40	existing packages to be marked stable by their
41	architecture maintainers.
42	-------------------------------------------------------------------
43	2 affected packages
44
45	Description
46	===========
47
48	Multiple vulnerabilities have been discovered in SeaMonkey. Please
49	review referenced release notes for more details.
50
51	Impact
52	======
53
54	Please review the referenced release notes for details.
55
56	Workaround
57	==========
58
59	There is no known workaround at this time.
60
61	Resolution
62	==========
63
64	All SeaMonkey users should upgrade to the latest version:
65
66	# emerge --sync
67	# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.5.1"
68
69	Gentoo has discontinued support for the SeaMonkey binary package. We
70	recommend that users unmerge the SeaMonkey binary package:
71
72	# emerge --unmerge "www-client/seamonkey-bin"
73
74	NOTE: The Gentoo developer(s) maintaining the SeaMonkey binary package
75	have discontinued support at this time. It may be possible that a new
76	Gentoo developer will update it at a later date. The alternative is
77	using the standard SeaMonkey package.
78
79	References
80	==========
81
82	[ 1 ] SeaMonkey 2.53.2 Release Notes
83	https://www.seamonkey-project.org/releases/seamonkey2.53.2/
84	[ 2 ] SeaMonkey 2.53.3 Release Notes
85	https://www.seamonkey-project.org/releases/seamonkey2.53.3/
86	[ 3 ] SeaMonkey 2.53.4 Release Notes
87	https://www.seamonkey-project.org/releases/seamonkey2.53.4/
88	[ 4 ] SeaMonkey 2.53.5 Release Notes
89	https://www.seamonkey-project.org/releases/seamonkey2.53.5/
90	[ 5 ] SeaMonkey 2.53.5.1 Release Notes
91	https://www.seamonkey-project.org/releases/seamonkey2.53.5.1/
92
93	Availability
94	============
95
96	This GLSA and any updates to it are available for viewing at
97	the Gentoo Security Website:
98
99	https://security.gentoo.org/glsa/202012-02
100
101	Concerns?
102	=========
103
104	Security is a primary focus of Gentoo Linux and ensuring the
105	confidentiality and security of our users' machines is of utmost
106	importance to us. Any security concerns should be addressed to
107	security@g.o or alternatively, you may file a bug at
108	https://bugs.gentoo.org.
109
110	License
111	=======
112
113	Copyright 2020 Gentoo Foundation, Inc; referenced text
114	belongs to its owner(s).
115
116	The contents of this document are licensed under the
117	Creative Commons - Attribution / Share Alike license.
118
119	https://creativecommons.org/licenses/by-sa/2.5