Debian Announces End of Security Support for IceApe

Developers at Debian today informed users still clinging to Iceape that they are cutting the cord and will stop supplying the software with security updates.

Developers at Debian today informed users still clinging to Iceape – an Internet suite modeled on old Mozilla code – that they are cutting the cord and will stop supplying the software with security updates.

Iceape is more or less a Debian-branded hybrid of several community-driven entities, including browser, email, chat and news clients. The suite is loosely based on SeaMonkey, a suite that is in turn is based on code from the original but now defunct Mozilla Application Suite.

In an email sent to users Monday, Moritz Muehlenhoff, a Germany-based Debian developer and part of the Debian Security Team informed users of the change.

“Security support for Iceape, the Debian-branded version of the Seamonkey suite needed to be stopped before the end of the regular security maintenance life cycle,” read the email.

Debian meanwhile will continue to provide security updates to two clients within Iceape, both IceWeasel, based on Mozilla’s Firefox and IceDove, based on Mozilla’s Thunderbird.

Muehlenhoff is encouraging users to either migrate to those platforms as they’re essentially based on the same Seamonkey codebase or switch to binaries provided by Mozilla.

Iceape’s initial incarnation, the Mozilla Application Suite was abandoned in 2006 when Mozilla announced it planned to focus its time on Firefox and Thunderbird. The suite was revived later that year in SeaMonkey, a new group of programs that users produced using Mozilla source code. Debian later changed the name to Iceape to comply with Mozilla’s trademark license.

Iceape’s users are a small but dedicated bunch; loyalists stuck with the product through its synthesis as Netscape Navigator, Mozilla and Mozilla’s Application Suite. Iceape’s development had become stagnant over the last several months though and many supporters lamented the suite’s lack of updates, the last of which came in February.

Debian announced over the summer that it would stop backporting stable security fixes to Iceweasel, Icedove and Iceape, claiming it didn’t have the developer resources to patch products running on old Mozilla code.

Instead, the group claimed it would provide new releases on an ‘Extended Support Release branch,’ basing future package updates on code from Firefox 17.

The group foreshadowed the eventual end of security support for Iceape in that same notice saying it would “announce the end of security support for Iceweasel, Icedove and Iceape in Squeeze in the next update round.”

In this case that next update round appears to be now and Iceape looks as if it’s the first domino to fall.

Along with ending Iceape, Debian also pushed fixes for libtar, fixing integer overflow vulnerabilities and updated the MySQL database server today.

Suggested articles


  • richard on

    hello, i would like to see an update for icedove. seamonkey is now enabled with firefox 28 while iceape is still with firefox 10. that would be nice. richard

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.