-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 16 Jan 2011 20:27:25 +0100
Source: iceowl
Binary: calendar-timezones iceowl-extension calendar-google-provider iceowl iceowl-dbg
Architecture: source i386
Version: 1.0~b1+dfsg2-1
Distribution: unstable
Urgency: low
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description:
calendar-google-provider - Google Calendar support for lighting- and iceowl-extension
calendar-timezones - Timezone Extension for Sunbird/Iceowl (mandatory)
iceowl - Standalone Calendar Application
iceowl-dbg - Standalone Calendar Application
iceowl-extension - Calendar Extension for Thunderbird/Icedove
Changes:
iceowl (1.0~b1+dfsg2-1) unstable; urgency=low
.
* [d96a5b0] New upstream version based on icedove 3.0.11 this fixes the
following security bugs:
- MFSA 2010-74 aka CVE-2010-3776, CVE-2010-3778: Miscellaneous memory
safety hazards (rv:1.9.2.13/ 1.9.1.16)
- MFSA 2010-75 aka CVE-2010-3769: Buffer overflow while line breaking
after document.write with long string
- MFSA 2010-78 aka CVE-2010-3768: Add support for OTS font sanitizer
- MFSA 2010-73 aka CVE-2010-3765: Heap buffer overflow mixing
document.write and DOM insertion
- MFSA 2010-64 aka CVE-2010-3174, CVE-2010-3176: Miscellaneous memory
safety hazards (rv:1.9.2.11/ 1.9.1.14)
- MFSA 2010-65 aka CVE-2010-3179: Buffer overflow and memory corruption
using document.write
- MFSA 2010-66 aka CVE-2010-3180: Use-after-free error in nsBarProp
- MFSA 2010-67 aka CVE-2010-3183: Dangling pointer vulnerability in
LookupGetterOrSetter
- MFSA 2010-69 aka CVE-2010-3178: Cross-site information disclosure via
modal calls
- MFSA 2010-71 aka CVE-2010-3182: Unsafe library loading vulnerabilities
- MFSA 2010-49 aka CVE-2010-3169: Miscellaneous memory safety hazards
(rv:1.9.2.9/ 1.9.1.12)
- MFSA 2010-50 aka CVE-2010-2765: Frameset integer overflow vulnerability
- MFSA 2010-51 aka CVE-2010-2767: Dangling pointer vulnerability using DOM
plugin array
- MFSA 2010-53 aka CVE-2010-3166: Heap buffer overflow in
nsTextFrameUtils::TransformText
- MFSA 2010-54 aka CVE-2010-2760: Dangling pointer vulnerability in
nsTreeSelection
- MFSA 2010-55 aka CVE-2010-3168: XUL tree removal crash and remote code
execution
- MFSA 2010-56 ala CVE-2010-3167: Dangling pointer vulnerability in
nsTreeContentView
- MFSA 2010-57 aka CVE-2010-2766: Crash and remote code execution in
normalizeDocument
- MFSA 2010-60 aka CVE-2010-2763: XSS using SJOW scripted function
- MFSA 2010-61 aka CVE-2010-2768: UTF-7 XSS by overriding document charset
using <object> type attribute
- MFSA 2010-62 aka CVE-2010-2769: Copy-and-paste or drag-and-drop into
designMode document allows XSS
- MFSA 2010-63 aka CVE-2010-2764: Information leak via XMLHttpRequest
statusText
- MFSA 2010-34 aka CVE-2010-1211, CVE-2010-1212: Miscellaneous memory
safety hazards (rv:1.9.2.7/ 1.9.1.11)
- MFSA 2010-39 aka CVE-2010-2752: nsCSSValue::Array index integer overflow
- MFSA 2010-40 aka CVE-2010-2753: nsTreeSelection dangling pointer remote
code execution vulnerability
- MFSA 2010-41 aka CVE-2010-1205: Remote code execution using malformed
PNG image
- MFSA 2010-42 aka CVE-2010-1213: Cross-origin data disclosure via Web
Workers and importScripts
- MFSA 2010-46 aka CVE-2010-0654: Cross-domain data theft using CSS
- MFSA 2010-47 aka CVE-2010-2754: Cross-origin data leakage from script
filename in error messages
- MFSA 2010-25 aka CVE-2010-1121: Re-use of freed object due to scope
confusion
- MFSA 2010-26 aka CVE-2010-1200, CVE-2010-1201, CVE-2010-1202: Crashes
with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
- MFSA 2010-29 aka CVE-2010-1196: Heap buffer overflow in
nsGenericDOMDataNode::SetTextInternal
- MFSA 2010-30 aka CVE-2010-1199: Integer Overflow in XSLT Node Sorting
- MFSA 2010-16 aka CVE-2010-0173, CVE-2010-0174: Crashes with evidence of
memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)
- MFSA 2010-17 aka CVE-2010-0175: Remote code execution with
use-after-free in nsTreeSelection
- MFSA 2010-18 aka CVE-2010-0176: Dangling pointer vulnerability in
nsTreeContentView
- MFSA 2010-22 aka CVE-2009-3555: Update NSS to support TLS renegotiation
indication
- MFSA 2010-24 aka CVE-2010-0182: XMLDocument::load() doesn't check
nsIContentPolicy
- MFSA 2010-01 aka CVE-2010-0159: Crashes with evidence of memory
corruption (rv:1.9.1.8/ 1.9.0.18)
- MFSA 2010-03 aka CVE-2009-1571: Use-after-free crash in HTML parser
* [fa7095e] Rebase patches for new upstream version
* [3850d60] New patch Don-t-build-unused-bsdiff.patch: Don't build unused
bsdiff
* [7c49fe4] New patch Revert-post-release-version-bump.patch: Revert post
release version bump, this is still 1.0b1
* [bb9e37e] Don't build against the internal libbz2 copy
* [44898c0] Build depend on python-ply
* [321c9cd] Add preview image taken from icedove to replace the non-free
one.
Checksums-Sha1:
bff22b53c5929bb7a483bd3bda80fdf94b09e938 1808 iceowl_1.0~b1+dfsg2-1.dsc
f8d8107b0a21b9b87ae3db5b6833a55ba74c121d 51910411 iceowl_1.0~b1+dfsg2.orig.tar.bz2
57a43273f340a9d85c92d0f18059b8449dc4b8ca 311316 iceowl_1.0~b1+dfsg2-1.debian.tar.gz
21b0b0b0ddc2d730da3827436dae7ac76b11b400 108550 calendar-timezones_1.0~b1+dfsg2-1_i386.deb
03ae19edb1931916aa08f1dfb5c42a2f66e33110 1142290 iceowl-extension_1.0~b1+dfsg2-1_i386.deb
dcb9f09ac7be3e855c2c463324b7baaa08dffa53 109382 calendar-google-provider_1.0~b1+dfsg2-1_i386.deb
93453a3db07bc4f123a5aa65a04004ac4f202501 8044660 iceowl_1.0~b1+dfsg2-1_i386.deb
ec3c58338164dd3d80fa78298c8b3e6a3405b805 53638980 iceowl-dbg_1.0~b1+dfsg2-1_i386.deb
Checksums-Sha256:
ba816b303044cb56efba2ab18762dbc9a0107b017edd865db84169401d1b6c9c 1808 iceowl_1.0~b1+dfsg2-1.dsc
147dc74552d0de56ca63379c0feb46affd19e77ce5cb4ed6f6a21bdfaff628d6 51910411 iceowl_1.0~b1+dfsg2.orig.tar.bz2
3ac586444724fd93c9bd16975543038341c057b163ba6f54942ee04c7f0cf94e 311316 iceowl_1.0~b1+dfsg2-1.debian.tar.gz
eebc0fd366d78de84664d3d6fc9ebcd983f2823d1feb930704e566acabd72639 108550 calendar-timezones_1.0~b1+dfsg2-1_i386.deb
f9bae17b47fbd7ad037aa4927fe5ff99c29176140d2fe1aad6cacd0d5cb771bb 1142290 iceowl-extension_1.0~b1+dfsg2-1_i386.deb
df951e052c88f391a4ad85f6585f4659076410c9e990b1b6e878d960562e635d 109382 calendar-google-provider_1.0~b1+dfsg2-1_i386.deb
0af5b3673085b5cc25db93157501441dfcfc23e1db3574609a7af7491909b285 8044660 iceowl_1.0~b1+dfsg2-1_i386.deb
101d1c5d49f1c36f35e38cf0c3556adcec4ab137511a6d726ba6dce5e4d53219 53638980 iceowl-dbg_1.0~b1+dfsg2-1_i386.deb
Files:
3724a3e0d0c9e570ec2af838378f1b4c 1808 web optional iceowl_1.0~b1+dfsg2-1.dsc
d8494d5df4203253927b905a9bc21860 51910411 web optional iceowl_1.0~b1+dfsg2.orig.tar.bz2
3e3eea0d73d9d0d68daa0a0b640c6b21 311316 web optional iceowl_1.0~b1+dfsg2-1.debian.tar.gz
832498ded40eddca67e0b108895e07f4 108550 web optional calendar-timezones_1.0~b1+dfsg2-1_i386.deb
e47a4a29acfdc6282efa1f9291fdfbdd 1142290 web optional iceowl-extension_1.0~b1+dfsg2-1_i386.deb
b3c24c7cab0338e36d607c8a168a3e91 109382 web optional calendar-google-provider_1.0~b1+dfsg2-1_i386.deb
0a2a5571df6a4b81167a48321e8c0243 8044660 web optional iceowl_1.0~b1+dfsg2-1_i386.deb
501557c25a6275e0c53cf70a323c9b93 53638980 debug extra iceowl-dbg_1.0~b1+dfsg2-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNM1uhn88szT8+ZCYRAqxcAJ91WbOhCXb8q+d6K0Sf4QGf302PQwCfS/2r
GelN9q5g+FuMNQcLFh44v8g=
=3xx5
-----END PGP SIGNATURE-----
Accepted:
calendar-google-provider_1.0~b1+dfsg2-1_i386.deb
to main/i/iceowl/calendar-google-provider_1.0~b1+dfsg2-1_i386.deb
calendar-timezones_1.0~b1+dfsg2-1_i386.deb
to main/i/iceowl/calendar-timezones_1.0~b1+dfsg2-1_i386.deb
iceowl-dbg_1.0~b1+dfsg2-1_i386.deb
to main/i/iceowl/iceowl-dbg_1.0~b1+dfsg2-1_i386.deb
iceowl-extension_1.0~b1+dfsg2-1_i386.deb
to main/i/iceowl/iceowl-extension_1.0~b1+dfsg2-1_i386.deb
iceowl_1.0~b1+dfsg2-1.debian.tar.gz
to main/i/iceowl/iceowl_1.0~b1+dfsg2-1.debian.tar.gz
iceowl_1.0~b1+dfsg2-1.dsc
to main/i/iceowl/iceowl_1.0~b1+dfsg2-1.dsc
iceowl_1.0~b1+dfsg2-1_i386.deb
to main/i/iceowl/iceowl_1.0~b1+dfsg2-1_i386.deb
iceowl_1.0~b1+dfsg2.orig.tar.bz2
to main/i/iceowl/iceowl_1.0~b1+dfsg2.orig.tar.bz2
