Accepted mozilla-thunderbird 1.0.2-2.sarge1.0.7 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 1 Oct 2005 11:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.2-2.sarge1.0.7
Distribution: stable-security
Urgency: critical
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: Alexander Sack <asac@debian.org>
Description:
mozilla-thunderbird - Mozilla Thunderbird standalone mail client
mozilla-thunderbird-dev - mozilla thunderbird development files
mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
mozilla-thunderbird-offline - mozilla thunderbird offline extension
mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 329664 329664
Changes:
mozilla-thunderbird (1.0.2-2.sarge1.0.7) stable-security; urgency=critical
.
* following issues are addressed with patches in
debian/patches/tbird.1.0.6-1.0.7-1/. MFSA_2005-59 has a debian specific
patch: debian/mfsa_2005-59.debian.patch.
.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: -
CVE-Ids: CAN-2005-2871
Bugzilla: 307259
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
* MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox/Thunderbird
1.0.7 and the Mozilla Suite 1.7.12
Closes: -
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302100
Issues addressed:
+ CAN-2005-2701 - Heap overrun in XBM image processing, tbird is not affected
applied anyway to keep source in sync.
+ CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703 - XMLHttpRequest header spoofing
+ CAN-2005-2704 - Object spoofing using XBL <implements>
+ CAN-2005-2705 - JavaScript integer overflow
+ CAN-2005-2706 - Privilege escalation using about: scheme
+ CAN-2005-2707 - Chrome window spoofing
+ Regression fixes
* MFSA-2005-59: Command-line handling on Linux allows shell execution
Summary: URLs passed to Linux versions of Firefox on the command-line
are not correctly protected against interpretation by the
shell. As a result a malicious URL can result in the execution
of shell commands with the privileges of the user. If Firefox
is set as the default handler for web URLs then opening a URL
in another program (for example, links in a mail or chat
client) can result in shell command execution.
Closes: 329664,329664
CVE-Ids: CAN-2005-2968
Bugzilla: 307185
Issues addressed:
+ CAN-2005-2968 - Command-line handling on Linux allows shell execution
Files:
303ed28d7dac19a27a47c23819f80bd7 997 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
79fbaf89373ea1d4698942f289b556d2 210991 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
fc8572c0a89b914fc288fd638e224213 11550326 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
ec039bd40938c0d6bb87874cc8703c25 27286 mail optional mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
a90c517acdcaf177b4585cf8f9e35344 140456 mail optional mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
ecf0d09362306bcd6c8a65c2e779f792 81696 mail optional mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
02fbded3b5e503def6c29f32c34b24d1 3497080 mail optional mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDQAAMv8pLOKgkuT8RAp6QAKCY/VbjrWCngixYOdu2MQK2URdpsgCeIeBS
gr2DrdhaXYVioWnS4kjhsPs=
=HZnU
-----END PGP SIGNATURE-----
Accepted:
mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
--
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org