LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-641 (thunderbird)



From:
    	      "Kai Engert" <kengert@redhat.com>


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6


Date:
    	      Fri, 20 Jul 2007 12:21:25 -0400


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-641
2007-07-20
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : thunderbird
Version     : 1.5.0.12
Release     : 2.fc6
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed
certain malformed JavaScript code. A malicious HTML email
message containing JavaScript code could cause Thunderbird
to crash or potentially execute arbitrary code as the user
running Thunderbird. JavaScript support is disabled by
default in Thunderbird; these issues are not exploitable
unless the user has enabled JavaScript. (CVE-2007-3089,
CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,
CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum
packages, which contain backported patches that correct
these issues.
---------------------------------------------------------------------
* Fri Jul 20 2007 Kai Engert <kengert@redhat.com> - 1.5.0.12-2
- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12
- Update to latest snapshot of Mozilla 1.8.0 branch
- Include patches for Mozilla bugs 379245, 384925, 178993,
  381300 (+382686), 358594 (+380933), 382532 (+382503)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/u...

19679f423d4041bff14fb1296301658dfc6ba2ba  SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm
19679f423d4041bff14fb1296301658dfc6ba2ba  noarch/thunderbird-1.5.0.12-2.fc6.src.rpm
67e87bd1475f0de8294cf57d976ec342bd8a7c5b  ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm
98431b993e118b0fe00a2599e645a33ad6522c49  ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm
c2156643405b7c671a93a2264ab958fd5f0fd944  x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm
e3b6835f0a8f7eb4835c1302e967ed008ecd1575
x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm
bfeab692e49e51d7d0b541ca68965ab1500a6606  i386/thunderbird-1.5.0.12-2.fc6.i386.rpm
a0c642b01715286f1ced7a1f49a8d11b2f924577  i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds