lp:ubuntu/edgy-security/mozilla-thunderbird
- Get this branch:
- bzr branch lp:ubuntu/edgy-security/mozilla-thunderbird
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 20. By Alexander Sack
* fix memory access regression (LP: #197504)
- add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
- update debian/patches/00list
- 19. By Alexander Sack
* USN-582-1 - release security backports for 1.8.0.12 (including previously
not released firefox patches for 1.8.0.10/11)
* add distro version patch to indicate post-EOL maintenance release
- add debian/patches/98_ubuntu_eol_distro_version.dpatch
- update debian/patches/00list
- 18. By Alexander Sack
* security/stability update:
* MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
* MFSA 2007-30 aka CVE-2007-1095
* MFSA 2007-31 aka CVE-2007-2292
* MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
* MFSA 2007-33 aka CVE-2007-5334
* MFSA 2007-34 aka CVE-2007-5337
* MFSA 2007-35 aka CVE-2007-5338
* MFSA 2007-36 aka CVE-2007-4841 (windows only)
- 17. By Alexander Sack
* New upstream security/stability update:
- CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of
memory corruption (rv:1.8.0.13/1.8.1.5)
- CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox
from Internet Explorer.
- CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded
about:blank windows.
- CVE-2007-3845 - MFSA 2007-27: Unescaped URIs passed to external
programs.
- 16. By Alexander Sack
* New upstream security/stability update:
- CVE-2007-2867, CVE-2007-2868, MFSA 2007-12: Crashes with evidence of
memory corruption (rv:1.8.0.12/1.8.1.4)
- CVE-2007-1558, MFSA 2007-15: Security Vulnerability in APOP
Authentication
- 15. By Alexander Sack
* New upstream security update:
- CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
Vulnerability
- CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
Vulnerability
- CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
Crashes with evidence of memory corruption
* drop patches applied upstream: 90_ppc64-build-fix
- 14. By Kees Cook
* New upstream security update:
- CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escalation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
- 13. By Kees Cook
* New upstream security update:
- CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
- CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
- CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
evidence of memory corruption.
- 12. By Martin Pitt
* New upstream security update:
- MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
(rv:1.8.0.7)
- MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
- MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
- MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
- MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
spoofing
- MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
Heap Corruption
- 11. By Martin Pitt
* New upstream security update:
- MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
events [does not affect 1.0]
- MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
across domains [does not affect 1.0]
- MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
condition [does not affect 1.0]
- MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed
VCard
- MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
vulnerabilities
- MFSA 2006-51, CVE-2006-3807: Privilege escalation using
named-functions and redefined "new Object()"
- MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
escalation
- MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
(window).Function(...) [does not affect 1.0]
- MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
corruption (rv:1.8.0.5)
- MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
content
* debian/patches/10_pangoxft_linkage.dpatch: Adapted to new upstream
version.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)