-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 16 Aug 2005 11:00:00 +0100 Source: mozilla-thunderbird Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline Architecture: source ia64 Version: 1.0.2-2.sarge1.0.6 Distribution: stable-security Urgency: critical Maintainer: Martin Schulze <joey@debian.org> Changed-By: Alexander Sack <asac@debian.org> Description: mozilla-thunderbird - Mozilla Thunderbird standalone mail client mozilla-thunderbird-dev - mozilla thunderbird development files mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension mozilla-thunderbird-offline - mozilla thunderbird offline extension mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension Closes: 318728 Changes: mozilla-thunderbird (1.0.2-2.sarge1.0.6) stable-security; urgency=critical . * includes full upstream diff from 1.0.2 to 1.0.6, but without increasing internal version number (sarge_102_to_106.dpatch); fixes multiple security issues. (Closes: 318728): CAN-2005-2270: Code execution through shared function objects CAN-2005-2269: XHTML node spoofing CAN-2005-2266: Same origin violation: frame calling top.focus() CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo() CAN-2005-2261: XML scripts ran even when Javascript disabled CAN-2005-1532: Privilege escalation via non-DOM property overrides CAN-2005-1160: Privilege escalation via DOM property overrides CAN-2005-1159: Missing Install object instance checks CAN-2005-0989: Javascript "lambda" replace exposes memory contents * added build dependencies to system image libraries to prevent future security hazards: libpng12-dev, libmng-dev, libjpeg62-dev Files: 53157e26cb9b032a3fdd375adcbac2bb 997 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.6.dsc 806175393a226670aa66060452d31df4 33288906 mail optional mozilla-thunderbird_1.0.2.orig.tar.gz 35ff6f4f69563681c282d818f9e08f23 187279 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.6.diff.gz ed6a27da1a997f2259c095a2d0fcd116 14600148 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.6_ia64.deb 36addd7bbce708f80f32a9ed7ec7307d 26500 mail optional mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_ia64.deb d1b4914d0ac468538289856fc9e2c397 148328 mail optional mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_ia64.deb 91de5051f92e86f47aacc6a9909e1223 99946 mail optional mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_ia64.deb 110376398b8b9ed932365de3f059f455 3283336 mail optional mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_ia64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDAv5AW5ql+IAeqTIRAuhjAKCIxJcm/sUUdOnWqzdI9lE9Rz2CPQCfYE2K pAWUK+eVPfkJ4LopgnUegVY= =W6cz -----END PGP SIGNATURE----- Accepted: mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_ia64.deb to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_ia64.deb mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_ia64.deb to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_ia64.deb mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_ia64.deb to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_ia64.deb mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_ia64.deb to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_ia64.deb mozilla-thunderbird_1.0.2-2.sarge1.0.6.diff.gz to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6.diff.gz mozilla-thunderbird_1.0.2-2.sarge1.0.6.dsc to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6.dsc mozilla-thunderbird_1.0.2-2.sarge1.0.6_ia64.deb to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_ia64.deb -- To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
