LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-11379 (sunbird)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 13 Update: sunbird-1.0-0.26.b2pre.fc13 


Date:
    	      Fri, 23 Jul 2010 02:48:57 +0000


Message-ID:
    	      <20100723024858.8A25E1111B2@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11379
2010-07-23 01:57:19.312760
--------------------------------------------------------------------------------

Name        : sunbird
Product     : Fedora 13
Version     : 1.0
Release     : 0.26.b2pre.fc13
URL         : http://www.mozilla.org/projects/calendar/sunbird/
Summary     : Calendar application built upon Mozilla toolkit
Description :
Mozilla Sunbird is a cross-platform calendar application, built upon
Mozilla Toolkit. It brings Mozilla-style ease-of-use to your
calendar, without tying you to a particular storage solution.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Thunderbird version 3.1.1, fixing multiple security
issues detailed in the upstream advisories:
http://www.mozilla.org/security/announce/    Update also includes sunbird
package rebuilt against new version of Thunderbird.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 20 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.26.b2pre
- Changed thunderbird-lightning install location to /usr/lib/mozilla/extensions/{355...
- Rebuild against Thunderbird 3.1.1
* Thu Jun 24 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.25.b2pre
- Rebuild against Thunderbird 3.1
* Tue Jun 22 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.24.b2pre
- Fixed Thunderbird requires version
* Tue Jun 22 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.23.b2pre
- Rebuild against Thunderbird 3.1 RC2
* Mon Jun 21 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.22.20090916hg
- Rebuild against new Thunderbird
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=615455
  [ 2 ] Bug #615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=615456
  [ 3 ] Bug #615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native
function
        https://bugzilla.redhat.com/show_bug.cgi?id=615463
  [ 4 ] Bug #615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=615464
  [ 5 ] Bug #615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615466
  [ 6 ] Bug #608238 - CVE-2010-1205 libpng: out-of-bounds memory write
        https://bugzilla.redhat.com/show_bug.cgi?id=608238
  [ 7 ] Bug #615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and
importScripts
        https://bugzilla.redhat.com/show_bug.cgi?id=615471
  [ 8 ] Bug #615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context
        https://bugzilla.redhat.com/show_bug.cgi?id=615472
  [ 9 ] Bug #615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause
subsequent character to vanish
        https://bugzilla.redhat.com/show_bug.cgi?id=615474
  [ 10 ] Bug #568231 - CVE-2010-0654 firefox: cross-domain information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=568231
  [ 11 ] Bug #615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in
error messages
        https://bugzilla.redhat.com/show_bug.cgi?id=615488
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update sunbird' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds