[Secure-testing-changes] Accepted mozilla-thunderbird 1.0.6-3etch1 (source)

Micah Anderson micah at debian.org
Tue Sep 27 21:20:24 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 24 Sep 2005 20:52:09 -0400
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source
Version: 1.0.6-3etch1
Distribution: testing
Urgency: low
Maintainer: Alexander Sack <asac at debian.org>
Changed-By: Micah Anderson <micah at debian.org>
Description: 
 mozilla-thunderbird - Mozilla Thunderbird standalone mail client
 mozilla-thunderbird-dev - mozilla thunderbird development files
 mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
 mozilla-thunderbird-offline - mozilla thunderbird offline extension
 mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Changes: 
 mozilla-thunderbird (1.0.6-3etch1) testing; urgency=low
 .
   [ Micah Anderson ]
    * Etch backport for DSA-18: Commented out 90_new_freetype_fix from
      debian/patches/00list to revert patch preventing deprecated Freetype
      function calls
    * Added debian/patches/22_mozilla_in-patch2 to fix CAN-2005-2968
    * Etch backport fixes the following issues:
 .
      CAN-2005-2968
        Thunderbird incorrectly escapes commands in input, fed to it through
        the --compose option, which could lead to execution of arbitrary
        shell commands.
 .
      CAN-2005-2266
        Child frames may access parental frames, even if these are in
        different access domains and may lead to information leakage of
        cookies or passwords.
 .
      CAN-2005-2265
        Incorrect type checks in InstallVersion.compareTo may lead to a
        denial-of-service attack or possibly execution of arbitrary code.
 .
      CAN-2005-2261
        XBL scripts are run even if Javascript has been disabled.
 .
      CAN-2005-1532
        Javascript improperly limits its privileges to the calling
        context, which could lead to "non-DOM privilege override".
 .
      CAN-2005-1160
        Overriding properties/methods of DOM nodes could lead to execution
        of code with extended "chrome" privileges.
 .
      CAN-2005-1159
        Native function implementations are not verified, causing Javascript
        execution at improper memory addresses allowing denial of service and
        potentially arbitrary code execution.
 .
      CAN-2005-0989
        The find_replen function in the Javascript engine allows remote
        attackers to read portions of heap memory in a Javascript string via
        the lambda replace method.
Files: 
 5660c1fddeaa8714c6c47f575102cd8a 909 mail optional mozilla-thunderbird_1.0.6-3etch1.dsc
 6ae9de9f17f05d2143ec363b306d7acd 32933648 mail optional mozilla-thunderbird_1.0.6.orig.tar.gz
 ba41f82145930f4b9d179831bf86a926 96468 mail optional mozilla-thunderbird_1.0.6-3etch1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDNpvf9n4qXRzy1ioRAi2GAKCBg3oSJHJ9HD7CPtR+W/LrkN5eMACgpyBq
1Z454T0Yp7YMt1x8K34BIMM=
=Yr0D
-----END PGP SIGNATURE-----


Accepted:
mozilla-thunderbird_1.0.6-3etch1.diff.gz
  to pool/security-updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-3etch1.diff.gz
mozilla-thunderbird_1.0.6-3etch1.dsc
  to pool/security-updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-3etch1.dsc
mozilla-thunderbird_1.0.6.orig.tar.gz
  to pool/security-updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6.orig.tar.gz



