Debian Security Advisory
DSA-2489-1 iceape -- several vulnerabilities
- Date Reported:
- 07 Jun 2012
- Affected Packages:
- iceape
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-1937, CVE-2012-1940, CVE-2012-1947.
- More information:
-
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
- CVE-2012-1937
Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code.
- CVE-2012-1940
Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code.
- CVE-2012-1947
Abhishek Arya discovered a heap buffer overflow in utf16 to latin1 character set conversion, allowing to execute arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-13.
For the testing distribution (wheezy) and unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your iceape packages.
- CVE-2012-1937