lp:ubuntu/edgy-security/mozilla-thunderbird

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy-security/mozilla-thunderbird

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

20. By Alexander Sack

* fix memory access regression (LP: #197504)
  - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
  - update debian/patches/00list

19. By Alexander Sack

* USN-582-1 - release security backports for 1.8.0.12 (including previously
  not released firefox patches for 1.8.0.10/11)
* add distro version patch to indicate post-EOL maintenance release
  - add debian/patches/98_ubuntu_eol_distro_version.dpatch
  - update debian/patches/00list

18. By Alexander Sack

* security/stability update:
* MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
* MFSA 2007-30 aka CVE-2007-1095
* MFSA 2007-31 aka CVE-2007-2292
* MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
* MFSA 2007-33 aka CVE-2007-5334
* MFSA 2007-34 aka CVE-2007-5337
* MFSA 2007-35 aka CVE-2007-5338
* MFSA 2007-36 aka CVE-2007-4841 (windows only)

17. By Alexander Sack

* New upstream security/stability update:
  - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of
    memory corruption (rv:1.8.0.13/1.8.1.5)
  - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox
    from Internet Explorer.
  - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded
    about:blank windows.
  - CVE-2007-3845 - MFSA 2007-27: Unescaped URIs passed to external
    programs.

16. By Alexander Sack

* New upstream security/stability update:
  - CVE-2007-2867, CVE-2007-2868, MFSA 2007-12: Crashes with evidence of
    memory corruption (rv:1.8.0.12/1.8.1.4)
  - CVE-2007-1558, MFSA 2007-15: Security Vulnerability in APOP
    Authentication

15. By Alexander Sack

* New upstream security update:
  - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
    Vulnerability
  - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
    Vulnerability
  - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
    Crashes with evidence of memory corruption
* drop patches applied upstream: 90_ppc64-build-fix

14. By Kees Cook

* New upstream security update:
  - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
  - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
  - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
  - CVE-2006-6501, MFSA 2006-70: Privilege escalation using watch point.
  - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
    with evidence of memory corruption.

13. By Kees Cook

* New upstream security update:
  - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
  - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
  - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
    evidence of memory corruption.

12. By Martin Pitt

* New upstream security update:
  - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
    (rv:1.8.0.7)
  - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
  - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
  - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
  - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
    spoofing
  - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
    Heap Corruption

11. By Martin Pitt

* New upstream security update:
  - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
    events [does not affect 1.0]
  - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
    across domains [does not affect 1.0]
  - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
    condition [does not affect 1.0]
  - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed
    VCard
  - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
    vulnerabilities
  - MFSA 2006-51, CVE-2006-3807: Privilege escalation using
    named-functions and redefined "new Object()"
  - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
    escalation
  - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
    (window).Function(...) [does not affect 1.0]
  - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
    corruption (rv:1.8.0.5)
  - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
    content
* debian/patches/10_pangoxft_linkage.dpatch: Adapted to new upstream
  version.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.