LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-11361 (thunderbird)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 12 Update: thunderbird-3.0.6-1.fc12 


Date:
    	      Fri, 23 Jul 2010 02:41:17 +0000


Message-ID:
    	      <20100723024117.320E41106A6@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11361
2010-07-23 01:56:49
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 12
Version     : 3.0.6
Release     : 1.fc12
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Thunderbird version 3.0.6, fixing multiple security
issues detailed in the upstream advisories:    http://www.mozilla.org/security
/known-vulnerabilities/thunderbird30.html#thunderbird3.0.5
http://www.mozilla.org/security/known-
vulnerabilities/thunderbird30.html#thunderbird3.0.6    Update also includes
sunbird package rebuilt against new version of Thunderbird.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 20 2010 Jan Horak <jhorak@redhat.com> - 3.0.6-1
- Update to 3.0.6
* Mon Jun 21 2010 Jan Horak <jhorak@redhat.com> - 3.0.5-1
- Update to 3.0.5
* Fri Apr 30 2010 Jan Horak <jhorak@redhat.com> - 3.0.4-2
- Fix for mozbz#550455
* Tue Mar 30 2010 Jan Horak <jhorak@redhat.com> - 3.0.4-1
- Update to 3.0.4
* Sat Mar  6 2010 Kalev Lember <kalev@smartlink.ee> - 3.0.3-2
- Own extension directories (#532132)
* Mon Mar  1 2010 Jan Horak <jhorak@redhat.com> - 3.0.3-1
- Update to 3.0.3
* Thu Feb 25 2010 Jan Horak <jhorak@redhat.com> - 3.0.2-1
- Update to 3.0.2
* Wed Jan 20 2010 Martin Stransky <stransky@redhat.com> - 3.0.1-1
- Update to 3.0.1
* Wed Dec  9 2009 Jan Horak <jhorak@redhat.com> - 3.0-4
- Update to 3.0
* Thu Dec  3 2009 Jan Horak <jhorak@redhat.com> - 3.0-3.13.rc2
- Update to 3.0 RC2
* Wed Nov 25 2009 Jan Horak <jhorak@redhat.com> - 3.0-3.12.rc1
- Sync with Mozilla latest RC1 build
* Thu Nov 19 2009 Jan Horak <jhorak@redhat.com> - 3.0-3.11.rc1
- Update to 3.0 RC1
* Mon Nov  9 2009 Jan Horak <jhorak@redhat.com> - 3.0-3.10.b4
- Fixed cs localisation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #577029 - CVE-2010-1121 firefox: arbitrary code execution via memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=577029
  [ 2 ] Bug #590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=590804
  [ 3 ] Bug #608108 - CVE-2010-1201 Firefox: Unspecified vulnerability in the browser engine
        https://bugzilla.redhat.com/show_bug.cgi?id=608108
  [ 4 ] Bug #590810 - CVE-2010-1202 Mozilla Crashes with evidence of memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=590810
  [ 5 ] Bug #590830 - CVE-2010-1196 Mozilla Heap buffer overflow in
nsGenericDOMDataNode::SetTextInternal
        https://bugzilla.redhat.com/show_bug.cgi?id=590830
  [ 6 ] Bug #590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting
        https://bugzilla.redhat.com/show_bug.cgi?id=590833
  [ 7 ] Bug #615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=615455
  [ 8 ] Bug #615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=615464
  [ 9 ] Bug #615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615466
  [ 10 ] Bug #608238 - CVE-2010-1205 libpng: out-of-bounds memory write
        https://bugzilla.redhat.com/show_bug.cgi?id=608238
  [ 11 ] Bug #615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and
importScripts
        https://bugzilla.redhat.com/show_bug.cgi?id=615471
  [ 12 ] Bug #568231 - CVE-2010-0654 firefox: cross-domain information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=568231
  [ 13 ] Bug #615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in
error messages
        https://bugzilla.redhat.com/show_bug.cgi?id=615488
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update thunderbird' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds