-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 5 Jan 2009 18:02:43 +0000 Source: icedove Binary: icedove-inspector icedove-dev thunderbird-dbg thunderbird-inspector icedove-typeaheadfind mozilla-thunderbird-typeaheadfind icedove-dbg thunderbird-gnome-support thunderbird-typeaheadfind icedove mozilla-thunderbird-inspector icedove-gnome-support thunderbird mozilla-thunderbird-dev thunderbird-dev mozilla-thunderbird Architecture: source i386 all Version: 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1 Distribution: stable-security Urgency: high Maintainer: Alexander Sack <asac@debian.org> Changed-By: Steffen Joeris <white@debian.org> Description: icedove - free/unbranded thunderbird mail client icedove-dbg - debugging symbols for icedove/thunderbird icedove-dev - development files for icedove/thunderbird icedove-gnome-support - GNOME support package for icedove/thunderbird icedove-inspector - DOM inspector extension for icedove/thunderbird icedove-typeaheadfind - typeaheadfind extension for icedove/thunderbird mozilla-thunderbird - Transition package for icedove rename mozilla-thunderbird-dev - Transition package for icedove-dev rename mozilla-thunderbird-inspector - Transition package for icedove-inspector rename mozilla-thunderbird-typeaheadfind - Transition package for icedove-typeaheadfind rename thunderbird - Transition package for icedove rename thunderbird-dbg - Transition package for icedove-dbg rename thunderbird-dev - Transition package for icedove-dev rename thunderbird-gnome-support - Transition package for icedove-gnome-support rename thunderbird-inspector - Transition package for icedove-inspector rename thunderbird-typeaheadfind - Transition package for icedove-typeaheadfind rename Changes: icedove (1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1) stable-security; urgency=high . * Non-maintainer upload by the security team * backports for thunderbird 2.0.0.17 stability/security update * MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow * MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect() same-origin violation * MFSA 2008-41 aka CVE-2008-4058 (XPCnativeWrapper pollution bugs), CVE-2008-4059 (XPCnativeWrapper pollution (Firefox 2)), CVE-2008-4060 (Documents without script handling objects) - Privilege escalation via XPCnativeWrapper pollution * MFSA 2008-42 aka CVE-2008-4061 (1.8 layout), CVE-2008-4062 (1.8 javascript) - Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) * MFSA 2008-43 aka CVE-2008-4065 - BOM characters, low surrogates stripped from JavaScript before execution * MFSA 2008-44 aka CVE-2008-4067, CVE-2008-4068 - resource: traversal vulnerabilities * MFSA 2008-46 aka CVE-2008-4070 - Heap overflow when canceling newsgroup message * backports for thunderbird 2.0.0.18 stability/security update * MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP redirect * MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via __proto__ tampering * MFSA 2008-52 aka CVE-2008-5017(1.8 layout), CVE-2008-5018(1.8 javascript) - Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) * MFSA 2008-55 aka CVE-2008-5021 - Crash and remote code execution in nsFrameManager * MFSA 2008-56 aka CVE-2008-5022 - nsXMLHttpRequest::NotifyEventListeners() same-origin violation * MFSA 2008-58 aka CVE-2008-5024 - Parsing error in E4X default namespace * MFSA 2008-59 aka CVE-2008-4582 - Script access to .documentURI and .textContent in mail * backports for thunderbird 2.0.0.19 stability/security update * MFSA 2008-60 aka CVE-2008-5500 (layout) - Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) * MFSA 2008-61 aka CVE-2008-5503 - Information stealing via loadBindingDocument * MFSA 2008-64 aka CVE-2008-5506 - XMLHttpRequest 302 response disclosure * MFSA 2008-65 aka CVE-2008-5507 - Cross-domain data theft via script redirect error message * MFSA 2008-66 aka CVE-2008-5508 - Errors parsing URLs with leading whitespace and control characters * MFSA 2008-68 aka CVE-2008-5511(XSS via XBL bindings to unloaded document), CVE-2008-5512(JavaScript privilege escalation) - XSS and JavaScript privilege escalation . tarball: http://people.ubuntu.com/~asac/mozilla-security/1.8.1.19/icedove-1.5.0.13+1.5.0.15b+prepatch080614i.tar.bz2 . patchset: http://people.ubuntu.com/~asac/mozilla-security/1.8.1.19/moz_1.8.0.15prepatches080614i.tar.gz . Thanks to Alexander Sack for his cooperation and all the work behind the curtain Files: 50f9d989748dcdc3b4fbe3dfe5c511e0 1352 mail optional icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc bc7d4a8ac66249e890cc6b8053e1c403 35464904 mail optional icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz 934c1af8ef52f687bd76100e038f031e 632912 mail optional icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz c972632df916e3304ae1657a2b301fdc 10950918 mail optional icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb 1fcb52f25725a7c106e12f29ef73bbe8 192848 mail optional icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb 1d2b378e81e1753d0428e220a24e16cc 49112 mail optional icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb 85cca8031c7e802bbe8da34c57f4f49e 30344 mail optional thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb 3d90785a8070f5a1e5711a0981abf800 59682 mail optional icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb 8bfd66cc1708346cac4cb92b099925ec 3950506 mail optional icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb dbdbc7041b916f6e59dcac3ece619244 50850480 mail optional icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb 6a39034c09e4126bb21cdc23c2487939 30324 mail optional thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb cbe2956ce57f0d8c4c8ff97ab3e2b73e 30312 mail optional thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb 1d7b977f1f636a6119fecbaa5209b123 30332 mail optional mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb ac038bd3bfa58b2bd8de442a71e6e244 30352 mail optional mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb 242b59c55d9dee9589bb59fbd6658dc6 30338 mail optional thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb bda7c5e419dc5d8a9bce681f985b7b54 30358 mail optional mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb 43ad195fe32dc2fb2e94513fbf91a77c 30352 mail optional thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb a16f184ecc39515f32fa6083b617641b 30330 mail optional thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb 440f59303f23a8b51555ec44536bc610 30344 mail optional mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkljNzkACgkQ62zWxYk/rQeB/QCeLi1vOWWWf8/sRj/8x4+CzE46 4/UAoMvg36BR1S0j7AhGUCsbJuKFyCs2 =4NI9 -----END PGP SIGNATURE----- Accepted: icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb to pool/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb to pool/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb to pool/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb to pool/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb to pool/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz to pool/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb to pool/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb