• [ GLSA 202012-02 ] SeaMonkey: Multiple vulnerabilities

    From Thomas Deutschmann@21:1/5 to All on Mon Dec 7 01:40:04 2020
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ubK5j7rD0OcJsDW0J2hBbfA021FhJg1DL
    Content-Type: text/plain; charset=utf-8; format=flowed
    Content-Language: en-US
    Content-Transfer-Encoding: quoted-printable

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202012-02
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: SeaMonkey: Multiple vulnerabilities
    Date: December 07, 2020
    Bugs: #718738, #718746
    ID: 202012-02

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been found in SeaMonkey, the worst of
    which could result in the arbitrary execution of code.

    Background
    ==========

    The SeaMonkey project is a community effort to deliver
    production-quality releases of code derived from the application
    formerly known as "Mozilla Application Suite".

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 www-client/seamonkey < 2.53.5.1 >= 2.53.5
    2 www-client/seamonkey-bin
    <= 2.49.1_rc2 Vulnerable!
    -------------------------------------------------------------------
    NOTE: Certain packages are still vulnerable. Users should migrate
    to another package if one is available or wait for the
    existing packages to be marked stable by their
    architecture maintainers.
    -------------------------------------------------------------------
    2 affected packages

    Description
    ===========

    Multiple vulnerabilities have been discovered in SeaMonkey. Please
    review referenced release notes for more details.

    Impact
    ======

    Please review the referenced release notes for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.5.1"

    Gentoo has discontinued support for the SeaMonkey binary package. We
    recommend that users unmerge the SeaMonkey binary package:

    # emerge --unmerge "www-client/seamonkey-bin"

    NOTE: The Gentoo developer(s) maintaining the SeaMonkey binary package
    have discontinued support at this time. It may be possible that a new
    Gentoo developer will update it at a later date. The alternative is
    using the standard SeaMonkey package.

    References
    ==========

    [ 1 ] SeaMonkey 2.53.2 Release Notes
    https://www.seamonkey-project.org/releases/seamonkey2.53.2/
    [ 2 ] SeaMonkey 2.53.3 Release Notes
    https://www.seamonkey-project.org/releases/seamonkey2.53.3/
    [ 3 ] SeaMonkey 2.53.4 Release Notes
    https://www.seamonkey-project.org/releases/seamonkey2.53.4/
    [ 4 ] SeaMonkey 2.53.5 Release Notes
    https://www.seamonkey-project.org/releases/seamonkey2.53.5/
    [ 5 ] SeaMonkey 2.53.5.1 Release Notes
    https://www.seamonkey-project.org/releases/seamonkey2.53.5.1/

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202012-02

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2020 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5


    --ubK5j7rD0OcJsDW0J2hBbfA021FhJg1DL--

    -----BEGIN PGP SIGNATURE-----

    wsB5BAABCAAjFiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAl/Nd0kFAwAAAAAACgkQRObr3Jv2BVlR RwgAqnQdb6Yf+oQcLQuUawS9n2HZRpO9Om+kRWQd/CWy3GmQTZhpjtXnxFhHdH/xl1gaqGWB2x67 l8/MrzMb6+WjF2/uAXwYDC6oDA0yXS077eq09EZkGOzq0oHDerMLpLp/qVXjpFvdPQDBe3YqUOH0 sikpTQ/g/vDtWMD5kboXTz3pdvCx+R93pD7C4M+6jja2WMe2tS6UnftLjDTNOSgGvnXEOlELbHCS yR61B/tNrj67oJLRclqR5VYQGd+RC7e2WwNuwDQZjq5nkFR/2tBH09jm8i4ur8+ffjlxSo/OoxCV yYGvCIl3r1fOrzqC/0J5fJiPPnOZNNOWlx6FiZT9ew==
    =tS0o
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)