LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-9901 (thunderbird)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 10 Update: thunderbird-2.0.0.18-1.fc10


Date:
    	      Sat, 22 Nov 2008 16:45:06 +0000


Message-ID:
    	      <20081122164506.A4600208D59@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9901
2008-11-22 14:16:58
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 10
Version     : 2.0.0.18
Release     : 1.fc10
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

This update update upgrades thunderbird packages to upstream version 2.0.0.18,
which fixes multiple security issues detailed in upstream security advisories:
http://www.mozilla.org/security/known-
vulnerabilities/thunderbird20.html#thunderbird2.0.0.18
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2008 Christopher Aillon <caillon@redhat.com> 2.0.0.18-1
- Update to 2.0.0.18
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__
tampering
        https://bugzilla.redhat.com/show_bug.cgi?id=470873
  [ 2 ] Bug #470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=470884
  [ 3 ] Bug #470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace
        https://bugzilla.redhat.com/show_bug.cgi?id=470902
  [ 4 ] Bug #470864 - CVE-2008-5012 Mozilla Image stealing via canvas and HTTP redirect
        https://bugzilla.redhat.com/show_bug.cgi?id=470864
  [ 5 ] Bug #470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=470881
  [ 6 ] Bug #470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=470883
  [ 7 ] Bug #470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager
        https://bugzilla.redhat.com/show_bug.cgi?id=470894
  [ 8 ] Bug #470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin
violation
        https://bugzilla.redhat.com/show_bug.cgi?id=470895
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update thunderbird' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds