dsa-229{5,6,7}.wml

David Prévot Sun, 28 Aug 2011 07:24:14 -0700

Salut,

Plusieurs annonces de sécurité sont à traduire, par avance merci au
volontaire de répondre par un [ITT] sur le groupe, ou même un ITT
individuel par annonce, comme vous préférez (par exemple en utilisant le
sujet « [ITT] wml://security/2011/dsa-2295.wml » pour la première).


Un script dans le dépôt du site web permet de traduire les morceaux
habituels : french/security/dsa-translator.pl.

Amicalement

David

<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>

<p>Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0084";>CVE-2011-0084</a>

   <p><q>regenrecht</q> discovered that incorrect pointer handling in the SVG
   processing code could lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2378";>CVE-2011-2378</a>

   <p><q>regenrecht</q> discovered that incorrect memory management in DOM
   processing could lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2981";>CVE-2011-2981</a>

   <p><q>moz_bug_r_a_4</q> discovered a Chrome privilege escalation
   vulnerability in the event handler code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2982";>CVE-2011-2982</a>

   <p>Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
   corruption bugs, which may lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2983";>CVE-2011-2983</a>

   <p><q>shutdown</q> discovered an information leak in the handling of
   RegExp.input.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2984";>CVE-2011-2984</a>

   <p><q>moz_bug_r_a4</q> discovered a Chrome privilege escalation 
   vulnerability.</p></li>

</ul>

<p>As indicated in the Lenny (oldstable) release notes, security support for
the Icedove packages in the oldstable needed to be stopped before the end
of the regular Lenny security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a different
mail client.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze4.</p>

<p>For the unstable distribution (sid), this problem has been fixed in
version 3.1.12-1.</p>

<p>We recommend that you upgrade your iceweasel packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2297.data"
# $Id: dsa-2297.wml,v 1.1 2011-08-22 06:49:23 kaare Exp $

<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>

<p>Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0084";>CVE-2011-0084</a>

   <p><q>regenrecht</q> discovered that incorrect pointer handling in the SVG
   processing code could lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2378";>CVE-2011-2378</a>

   <p><q>regenrecht</q> discovered that incorrect memory management in DOM
   processing could lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2981";>CVE-2011-2981</a>

   <p><q>moz_bug_r_a_4</q> discovered a Chrome privilege escalation
   vulnerability in the event handler code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2982";>CVE-2011-2982</a>

   <p>Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
   corruption bugs, which may lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2983";>CVE-2011-2983</a>

   <p><q>shutdown</q> discovered an information leak in the handling of
   RegExp.input.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2984";>CVE-2011-2984</a>

   <p><q>moz_bug_r_a4</q> discovered a Chrome privilege escalation 
   vulnerability.</p></li>

</ul>

<p>For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-13 of the xulrunner source package.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-9.</p>

<p>For the unstable distribution (sid), this problem has been fixed in
version 6.0-1</p>

<p>We recommend that you upgrade your iceweasel packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2296.data"
# $Id: dsa-2296.wml,v 1.1 2011-08-17 19:49:22 kaare Exp $

<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>

<p>Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0084";>CVE-2011-0084</a>

   <p><q>regenrecht</q> discovered that incorrect pointer handling in the SVG
   processing code could lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2378";>CVE-2011-2378</a>

   <p><q>regenrecht</q> discovered that incorrect memory management in DOM
   processing could lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2981";>CVE-2011-2981</a>

   <p><q>moz_bug_r_a_4</q> discovered a Chrome privilege escalation
   vulnerability in the event handler code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2982";>CVE-2011-2982</a>

   <p>Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
   corruption bugs, which may lead to the execution of arbitrary code.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2983";>CVE-2011-2983</a>

   <p><q>shutdown</q> discovered an information leak in the handling of
   RegExp.input.</p></li>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-2984";>CVE-2011-2984</a>

   <p><q>moz_bug_r_a4</q> discovered a Chrome privilege escalation
   vulnerability.</p></li>

</ul>

<p>The oldstable distribution (lenny) is not affected. The iceape
package only provides the XPCOM code.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-7.</p>

<p>For the unstable distribution (sid), this problem has been fixed in
version 2.0.14-5.</p>

<p>We recommend that you upgrade your iceape packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2295.data"
# $Id: dsa-2295.wml,v 1.2 2011-08-18 05:34:16 kaare Exp $

signature.asc
Description: OpenPGP digital signature

[TAF] wml://security/2011/dsa-229{5,6,7}.wml

Répondre à