copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2007.0553 -- [Debian] -- New iceweasel and iceape packages fix several vulnerabilities

Date: 24 July 2007
References: ESB-2007.0536  ESB-2008.0493  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2007.0553 -- [Debian]
       New iceweasel and iceape packages fix several vulnerabilities
                               24 July 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              iceweasel
                      iceape
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
Impact:               Execute Arbitrary Code/Commands
                      Cross-site Scripting
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-3738 CVE-2007-3737 CVE-2007-3736
                      CVE-2007-3735 CVE-2007-3734 CVE-2007-3656
                      CVE-2007-3089

Ref:                  ESB-2007.0536

Original Bulletin:    http://www.debian.org/security/2007/dsa-1338
                      http://www.debian.org/security/2007/dsa-1339

Comment: This bulletin contains two Debian advisories, for vulnerabilities
         in iceweasel and iceape.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1338-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 23rd, 2007                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common 
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

    Ronen Zilberman and Michal Zalewski discovered that a timing race
    allows the injection of content into about:blank frames.

CVE-2007-3656

    Michal Zalewski discovered that same-origin policies for wyciwyg://
    documents are insufficiently enforced.

CVE-2007-3734

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
    Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
    Nickerson,and Vladimir Sukhoy discovered crashes in the layout engine,
    which might allow the execution of arbitrary code.

CVE-2007-3735

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
    javascript engine, which might allow the execution of arbitrary code.

CVE-2007-3736

    "moz_bug_r_a4" discovered that the addEventListener() and setTimeout()
    functions allow cross-site scripting.

CVE-2007-3737

    "moz_bug_r_a4" discovered that a programming error in event handling
    allows privilege escalation.

CVE-2007-3738

    "shutdown" and "moz_bug_r_a4" discovered that the XPCNativeWrapper allows
    the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates. You're strongly encouraged to upgrade to
stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
2.0.0.5-0etch1. Builds for alpha and mips are not yet available, they will
be provided later.

For the unstable distribution (sid) these problems have been fixed in version
2.0.0.5-1.

We recommend that you upgrade your iceweasel packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1.dsc
      Size/MD5 checksum:     1286 59238f560ecb32cdbc56a63ddb209e55
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1.diff.gz
      Size/MD5 checksum:   185146 6524cf51c9e4b107d72600123967d6ef
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5.orig.tar.gz
      Size/MD5 checksum: 43667811 06e1bbe4d44d5b3333cabf8584844ca0

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:    53580 934bffd016c2040ae56d1701ab9ef8b0
    http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:    53548 01ec3b09cb5305f60952e8e7c8ac775f
    http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:    53702 d3ecadf21b84c62c473a658892510d73
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:   234160 bcf465cec9f922ad5e28c434cc9bce9a
    http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:    53432 cd14d22874e960c485e4cec1e559ef20
    http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:    53428 b2d685e70ff5a9c0be04c24efe8cd660
    http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.5-0etch1_all.deb
      Size/MD5 checksum:    54232 72be77489c8bc90232f09c3e4a37d2a8

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_amd64.deb
      Size/MD5 checksum: 10131746 6509776fdd7f65552627b22b7f0e5d5f
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_amd64.deb
      Size/MD5 checksum: 50034750 34db9be3f1aacd877fabacf163a716cf
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_amd64.deb
      Size/MD5 checksum:    87376 42ac4a2436251a5023a4122234a9b433

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_arm.deb
      Size/MD5 checksum:  9172536 d5a6afa28d7202a28151791944c6cbe4
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_arm.deb
      Size/MD5 checksum: 49133408 d8bfcda8c8f3675bbf4dfc2f84f88fb0
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_arm.deb
      Size/MD5 checksum:    80786 547a41d33735a51c539fd93f8584ca8c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_hppa.deb
      Size/MD5 checksum: 11038942 73a12aae1df5a9ff435fdbf111641271
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_hppa.deb
      Size/MD5 checksum: 50416604 d1dd0fa25fac83208fbee1e5016bea40
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_hppa.deb
      Size/MD5 checksum:    88872 33dce9b617f9772f706ad4d711ccbacf

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_i386.deb
      Size/MD5 checksum:  9104036 31bd4e0e97fc842cfb36332222227701
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_i386.deb
      Size/MD5 checksum: 49439820 c7760fc3be07338899256b1bf00883e7
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_i386.deb
      Size/MD5 checksum:    81298 b9479b0ba634c0456301effa7f69ef14

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_ia64.deb
      Size/MD5 checksum: 14134080 497b02f80092d16b883a0fe5543e865a
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_ia64.deb
      Size/MD5 checksum: 50396004 1eefae991deb0610dfee10f5fc25929a
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_ia64.deb
      Size/MD5 checksum:    99638 ab6b8c85a7d7f796f6aa83c567d81f7a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_mipsel.deb
      Size/MD5 checksum: 10744354 de1cb2892c1a5f2474301c967002db40
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_mipsel.deb
      Size/MD5 checksum: 52394050 8c57505e91c9ee8137d7f596de85cb20
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_mipsel.deb
      Size/MD5 checksum:    82468 624046892b6bc835db7ad352a58193b1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_powerpc.deb
      Size/MD5 checksum:  9918324 b55975975e333962fbe7700f394e4efc
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_powerpc.deb
      Size/MD5 checksum: 51849604 a382e26d5f81f3cba80d3c74c803bfba
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_powerpc.deb
      Size/MD5 checksum:    82998 5b3f148c7e5115779efb9eab5f7ec085

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_s390.deb
      Size/MD5 checksum: 10343876 392bd7c3b4498f16a18af4f33433cdec
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_s390.deb
      Size/MD5 checksum: 50714240 4fcb5751ac1f74858e77ec55511ebfe3
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_s390.deb
      Size/MD5 checksum:    87386 78d93550b19df51bb0ecde33117dc657

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_sparc.deb
      Size/MD5 checksum:  9125776 96b405d93d02e5a80933fba0658c18d3
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_sparc.deb
      Size/MD5 checksum: 49052276 615dac8bcaeb9a4c5cdb6500fe519f8a
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_sparc.deb
      Size/MD5 checksum:    81150 63d0482567e238eae0d201b43696ca02

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGpOTIXm3vHE4uyloRAv+8AKC05/P7bBqBBc0uHLkpPPwhHYG4RACdFEXQ
ctLOPU4DkXtE5veonKQZoI4=
=oobc
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1339-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 23rd, 2007                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

    Ronen Zilberman and Michal Zalewski discovered that a timing race
    allows the injection of content into about:blank frames.

CVE-2007-3656

    Michal Zalewski discovered that same-origin policies for wyciwyg://
    documents are insufficiently enforced.

CVE-2007-3734

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
    Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
    Nickerson,and Vladimir Sukhoy discovered crashes in the layout engine,
    which might allow the execution of arbitrary code.

CVE-2007-3735

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
    javascript engine, which might allow the execution of arbitrary code.

CVE-2007-3736

    "moz_bug_r_a4" discovered that the addEventListener() and setTimeout()
    functions allow cross-site scripting.

CVE-2007-3737

    "moz_bug_r_a4" discovered that a programming error in event handling
    allows privilege escalation.

CVE-2007-3738

    "shutdown" and "moz_bug_r_a4" discovered that the XPCNativeWrapper allows
    the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates. You're strongly encouraged to upgrade to
stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
1.0.10~pre070720-0etch1. A build for the mips architecture is not yet available,
it will be provided later.

For the unstable distribution (sid) these problems have been fixed in version
1.1.3-1.

We recommend that you upgrade your iceape packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.dsc
      Size/MD5 checksum:     1436 a5ddcea94b97d0eb7d88da94a72ca627
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.diff.gz
      Size/MD5 checksum:   267008 018274eb404a0e83606ce0d21e87ad01
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
      Size/MD5 checksum: 43473332 245a8a7774ff47ef91177724130f8ea4

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:   278618 ee0d7c0bf576089522f4e9f72c8c3add
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:  3707920 4bea22fd5361596b66969d7858dd3ad4
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    27756 7b7b835dae8ca15c7ec1592ff702ebb6
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    27278 0cc3f8a430af60e0dbcb83576879689e
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26354 d33b0ec877535b4fa4bf1aa07350f932
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26364 ff123607a7884ee5a3865464c76021ea
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26486 4ca53a0ad06db0acb0b879fadfdd4fd5
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26390 2420778740bf3e57de6ecd5d343d65dd
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26390 f6fb1d696a8fbd326204419b73ab98e1
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26374 84203bd26fc8360bbb82535d81a823eb
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26362 440d3f62c74c42ffcbb5ad73f2069e5c
    http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26346 ce97b31d46e18455189a03940aa72b92

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum: 12890534 11930d8d5ba846c22095362a46a3ff74
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:   625330 05c5e03df278bc31932846e1d30a00f9
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum: 60600154 5741efb22728c62acf22154c8a1f3e86
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:   196866 c64af9533b850bbbd57f9bb87685f9ca
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:    53100 7193be3a3787964216f4bfa83c7b2789
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:  2281920 46540cf88b15c9e7455fce6389be88ed

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum: 11668032 c3b8626d19c52f840fe80b39232b0cd7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:   608632 f198d453bbbee84201acc69dd9fa5a1a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum: 59611854 900bf6f48f9df4d30dfd8313b127cfb3
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:   194016 5adc494eaac9ba8f09c16441c5213318
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:    52592 4dab2583ccce4830b516fc68ef90bfbd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:  2090564 2ad1c710c8f3d7e1a5aa4f8b29b469e7

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum: 10404318 a3d00ba7cfe0c715fb15bedf1015e601
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:   582112 b0b849a2ffcf26a9441ace8ccdc8e398
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum: 58762556 1a0f50dcbd272bc05c34d254d4507a4b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:   188056 c0b5504ff4183a9e1fef78983a929e67
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:    47298 3c45d2f04093d8a0c5fc41a42251ec73
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:  1907106 b7918528c3b9213502f528adc95c58ab

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum: 12968358 ea1453f3ffa54ee3120ac58cfb293a10
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:   614490 83b15ddde3c3b657ad44447802c18261
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum: 60467066 e26575d92f3d6d34e98bd8bab228a010
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:   197064 7d50bb4f9866918e3ef4981c738e650b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:    53686 442e54332b114ea0a63fec012912d164
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:  2338858 47f729c72d8843241cb88407e2e99e47

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum: 10477338 deab48630b8aeb248bfa9397e88fd489
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:   587938 2f19c0f151b456a0c0e84b0812cb0dc6
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum: 58688874 8e26e07fc8e55d38cde9091093e8ff08
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:   188700 2b399a919d4ee6ee8c5cf22db90e741c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:    47678 a85d86cd967b44370ec1b3329b9728a5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:  1889676 66d798529d1f56ce668f8d7eda66abd6

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum: 15794104 7cce099248b412a4189ad2d3243ed7b7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:   660672 c7a44faa5e50d8e9c4613c482d4815cd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum: 59877166 2fe2866b66428866cfed2ab068829bf0
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:   203708 775d91256820711eb33d3b4af4c1cfbb
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:    61198 5f258d8b03704153bc66d2114d60fe55
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:  2815616 ff8fbcd7ba8273161a4db64af91dd950

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum: 10913650 a40d4caf40bf9b5d989b0cdbf12e9479
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:   594990 bf9e81b7f1498d5c60b673b08ba283a7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum: 59826020 60a3a22c5a6e42da3c3981ff89fd40ee
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:   190212 bad4a1f57643aa25603d6a1fdf85f83f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:    48982 ec96058415e4b33329b6fc5d481f8c56
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:  1940378 3a1182500597f8f8d6db4671f187afd2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum: 11312338 4f853beb774f7aecaca500031c0e182e
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:   595304 4ff550a168faee0f2dffd96b3839c097
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum: 61603172 37d3070543aae6795d1f95eb1d97b1b1
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:   191070 c11775a74df72fe1965aeb50f0f5e2e7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:    48634 031194e9c64f17085308d05dc47de49f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:  2005522 2c4907581d26e19441faed3a2a76a87e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum: 12291720 be79de8e773f1cbf83d34f837f0d3637
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:   610698 4f6e4f45769b6cf87a498b7dece5157c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum: 60372220 a25f1221df24b6d51d66b5f3d4751210
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:   195860 25f6e1809320a9b0d111908cec8e309a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:    53194 754ae50a15664184d0e70de39cee22b5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:  2184640 8dffbcd81a31d460d94243fab5ce8049

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum: 10657254 83e7468e55d66d7f36d6903f5bb25fcd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:   584296 8a64241ccc10cda38927ad6f15af34ce
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum: 58501456 3e53e44bd0b33aaed55a6feab1839fc5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:   188616 4807d32457222d895b243cd44e390328
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:    47260 3b1cf8ec9939812c886ba3378554e73a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:  1894688 b8a4207b5edc44f0e24e362db96a6ff7


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGpUB+Xm3vHE4uyloRAtK+AKCFyK4tO8NzTFh/dsfPkCjMt+kYmgCg52na
gYCMrox+ckaLZhG90jKyiXM=
=OOIl
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRqVL5Sh9+71yA2DNAQKJjAP+L3Og9/FLSDYtDriShv7cbEEJrkqTG4c0
j6Z2Tuh+nvTvmWueUHUycQtdTCxHrv43V5OyiTVBnn0f8u0JEY97H5OjgRxpV84b
2GqEVdDhXELlyq35JIP40RuYEmTyKBh2Fy8TkRr6Y/0mlOlOTB+AHVyPGCzpWi5B
CpYj4+d0O+8=
=hIaJ
-----END PGP SIGNATURE-----