- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: SeaMonkey: Multiple vulnerabilities Date: December 07, 2020 Bugs: #718738, #718746 ID: 202012-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in SeaMonkey, the worst of which could result in the arbitrary execution of code. Background ========== The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as "Mozilla Application Suite". Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/seamonkey < 2.53.5.1 >= 2.53.5 2 www-client/seamonkey-bin <= 2.49.1_rc2 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in SeaMonkey. Please review referenced release notes for more details. Impact ====== Please review the referenced release notes for details. Workaround ========== There is no known workaround at this time. Resolution ========== All SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.5.1" Gentoo has discontinued support for the SeaMonkey binary package. We recommend that users unmerge the SeaMonkey binary package: # emerge --unmerge "www-client/seamonkey-bin" NOTE: The Gentoo developer(s) maintaining the SeaMonkey binary package have discontinued support at this time. It may be possible that a new Gentoo developer will update it at a later date. The alternative is using the standard SeaMonkey package. References ========== [ 1 ] SeaMonkey 2.53.2 Release Notes https://www.seamonkey-project.org/releases/seamonkey2.53.2/ [ 2 ] SeaMonkey 2.53.3 Release Notes https://www.seamonkey-project.org/releases/seamonkey2.53.3/ [ 3 ] SeaMonkey 2.53.4 Release Notes https://www.seamonkey-project.org/releases/seamonkey2.53.4/ [ 4 ] SeaMonkey 2.53.5 Release Notes https://www.seamonkey-project.org/releases/seamonkey2.53.5/ [ 5 ] SeaMonkey 2.53.5.1 Release Notes https://www.seamonkey-project.org/releases/seamonkey2.53.5.1/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202012-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5