SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for MozillaThunderbird-debugsource-2.0.0.24-1.46.i586.rpm :
Tue Aug 18 14:00:00 2009 wrAATTrosenauer.org
- update to version 2.0.0.23
- export SUSE_ASNEEDED to fix build with 11.2 and up
- make NSS 3.12.3 the minimal build requirement for its security
fixes

Tue Jun 16 14:00:00 2009 wrAATTrosenauer.org
- security update to version 2.0.0.22

* MFSA-2009-14/MFSA-2009-24
Crashes with evidence of memory corruption

* MFSA-2009-17/CVE-2009-1307 (bmo#481342)
Same-origin violations when Adobe Flash loaded via
view-source: scheme

* MFSA-2009-27/CVE-2009-1836 (bmo#479880)
SSL tampering via non-200 responses to proxy CONNECT requests

* MFSA-2009-29/CVE-2009-1838 (bmo#489131)
Arbitrary code execution using event listeners attached to an
element whose owner document is null

* MFSA-2009-32/CVE-2009-1841 (bmo#479560)
JavaScript chrome privilege escalation

* MFSA-2009-33 (bmo#495057)
Crash viewing multipart/alternative message with text/enhanced
part
- fixed build with gcc 4.4 (mozilla-gcc44.patch)
- fixed startscript to be able to handle filenames with whitespaces

Wed Mar 11 13:00:00 2009 wrAATTrosenauer.org
- security update to version 2.0.0.21 (bnc#478625)
see for details
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html

Sun Dec 28 13:00:00 2008 wrAATTrosenauer.org
- security update to version 2.0.0.19 (bnc#458973)
see for details
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html

Thu Dec 4 13:00:00 2008 wrAATTrosenauer.org
- added Lightning subpackage which contains the calendar extension

Fri Nov 21 13:00:00 2008 wrAATTrosenauer.org
- Add mozilla-shared-nss-db.patch which allows migrating to and
sharing with other applications using NSS
(same functionality as in xulrunner/firefox)
(can be disabled completely exporting MOZ_TB_NO_NSSHELPER=1)

Fri Nov 21 13:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Thu Nov 13 13:00:00 2008 wrAATTrosenauer.org
- security update to version 2.0.0.18 (bnc#439841)

* MFSA 2008-48 / CVE-2008-5012
Image stealing via canvas and HTTP redirect

* MFSA 2008-50 / CVE-2008-5014 (bmo#436741)
Crash and remote code execution via __proto__ tampering

* MFSA 2008-52 / CVE-2008-5016 / CVE-2008-5017 / CVE-2008-5018
Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)

* MFSA 2008-55 / CVE-2008-5021 (bmo#456896)
Crash and remote code execution in nsFrameManager

* MFSA 2008-56 / CVE-2008-5022 (bmo#460002)
nsXMLHttpRequest::NotifyEventListeners() same-origin violation

* MFSA 2008-58 / CVE-2008-5024 (bmo#453915)
Parsing error in E4X default namespace

Tue Oct 28 13:00:00 2008 wrAATTrosenauer.org
- fixed crash when nss_ldap is used (mozldap-charray_strdup.patch)
(bnc#439588) (patch from Stefan BrĂ¼ns)

Wed Oct 15 14:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Wed Oct 8 14:00:00 2008 wrAATTrosenauer.org
- use system hunspell from 11.0 on (bnc#385739)
- remove more executable bits from non-executable files

Tue Sep 23 14:00:00 2008 wrAATTrosenauer.org
- security update to version 2.0.0.17 (bnc#429179)

* MFSA 2008-37 / CVE-2008-0016
UTF-8 URL stack buffer overflow

* MFSA 2008-38 / CVE-2008-3835
nsXMLDocument::OnChannelRedirect() same-origin violation

* MFSA 2008-41 / CVE-2008-4058 / CVE-2008-4059 / CVE-2008-4060
Privilege escalation via XPCnativeWrapper pollution

* MFSA 2008-42 / CVE-2008-4061 / CVE-2008-4062 / CVE-2008-4063
CVE-2008-4064
Crashes with evidence of memory corruption

* MFSA 2008-43 / CVE-2008-4065 / CVE-2008-4066
BOM characters, low surrogates stripped from JavaScript before
execution

* MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068
resource: traversal vulnerabilities

* MFSA 2008-46 / CVE-2008-4070
Heap overflow when canceling newsgroup message

Mon Sep 15 14:00:00 2008 wrAATTrosenauer.org
- fixed undefined operation in nsMailboxService.cpp (abuild.patch)
- cleanup spec a bit while merging from OBS/mozilla

* forwarding old fixes to cups-paper.patch, mozilla.sh.in and
add-plugins.sh (were fixed long ago in the OBS repo)

Thu Sep 11 14:00:00 2008 mauroAATTsuse.de
- Update to 2.0.0.16 (fixed bnc#417869), fixes:
+ MFSA 2008-34 Remote code execution by overflowing CSS
reference counter
+ MFSA 2008-33 Crash and remote code execution in block reflow
+ MFSA 2008-31 Peer-trusted certs can use alt names to spoof
+ MFSA 2008-29 Faulty .properties file results in uninitialized
memory being used
+ MFSA 2008-26 Buffer length checks in MIME processing
+ MFSA 2008-25 Arbitrary code execution in
mozIJSSubScriptLoader.loadSubScript()
+ MFSA 2008-24 Chrome script loading from fastload file
+ MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

Wed Jul 23 14:00:00 2008 schwabAATTsuse.de
- Remove unused includes.

Tue Jun 24 14:00:00 2008 mawAATTsuse.de
- Security update to version 2.0.0.14 (bnc#390992):
+ MFSA 2008-15 / CVE-2008-1236 and CVE-2008-1237: Crashes with
evidence of memory corruption (rv:1.8.1.13)
+ MFSA 2008-14 / CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
JavaScript privilege escalation and arbitrary code execution
- Drop the following patches: thunderbird-2.0.0.14-backports.patch,
mozilla-missing-decl.patch, and unused-includes.patch
- Respin mozilla-gcc4.3-fixes.patch.

Fri May 30 14:00:00 2008 mawAATTsuse.de
- Add thunderbird-2.0.0.14-backports.patch (bnc390992).

Fri May 16 14:00:00 2008 schwabAATTsuse.de
- Remove unused includes.

Mon Mar 24 13:00:00 2008 mawAATTsuse.de
- Add mozilla-missing-decl.patch, which is necessary when building
against new versions of mozilla-nss (bmo#399589).

Fri Mar 7 13:00:00 2008 mawAATTsuse.de
- Security update to version 2.0.0.12 (bnc#354469)

* MFSA 2008-12 Buffer overflow in external MIME bodies
- Replace mozilla-maxpathlen.patch with mozilla-path_len.patch, for
consistency\'s sake.

Thu Jan 17 13:00:00 2008 mawAATTsuse.de
- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).

Tue Jan 15 13:00:00 2008 mawAATTsuse.de
- Merge changes from the build service (thanks, Wolfgang)
- Update to version 2.0.9.9 (MFSA 2007-29)
- Update enigmail to version 0.95.6
- Add a -devel subpackage
- Various fixes to enable building with gcc 4.3.

Tue Nov 13 13:00:00 2007 mawAATTsuse.de
- Add thunderbird-gcc4.3-fixes.patch
- Add visibility.patch.

Thu Sep 13 14:00:00 2007 cthielAATTsuse.de
- recommend gpg instead of requireing a fixed path

Wed Sep 12 14:00:00 2007 mawAATTsuse.de
- Added gpg/pinentry requirements (#309160).

Tue Sep 4 14:00:00 2007 mawAATTsuse.de
- Don\'t run %fdupes on directories where multiple partitions
are liable to be mounted.

Mon Sep 3 14:00:00 2007 mawAATTsuse.de
- Merge some changes from the build service (thanks, Wolfgang):
+ Provide locale info (#302288)
+ Update releasedate
- Uncomment %clean.

Tue Aug 21 14:00:00 2007 mawAATTsuse.de
- Use %fdupes.

Tue Aug 21 14:00:00 2007 mawAATTsuse.de
- Merge updates from the build service:
- Update to security release 2.0.0.6:

* MFSA 2007-26 Privilege escalation through chrome-loaded
about:blank windows

* MFSA 2007-27 Unescaped URIs passed to external programs
- Update enigmail to version 0.95.3.

Wed Aug 15 14:00:00 2007 mawAATTsuse.de
- On x86_64, s390, and s390x, deactivate the hidden visibility
support, thereby fixing the build.

Wed Jul 25 14:00:00 2007 mawAATTsuse.de
- Security update to version 2.0.0.5 (#288115)
- This new release has fixes for:
MFSA 2007-18
CVE-2007-3734 - Browser flaws
CVE-2007-3735 - Javascript flaws
MFSA 2007-19
CVE-2007-3736
MFSA 2007-20
CVE-2007-3089
MFSA 2007-21
CVE-2007-3737
MFSA 2007-22
CVE-2007-3285
MFSA 2007-23
CVE-2007-3670
MFSA 2007-24
CVE-2007-3656
MFSA 2007-25
CVE-2007-3738
- Update to enigmail 0.95.2.

Thu Jun 21 14:00:00 2007 adrianAATTsuse.de
- fix changelog entry order

Sat Jun 16 14:00:00 2007 mawAATTsuse.de
- Merge update to 2.0.0.4 from the build service (thanks, Wolfgang)
- Remove some commented out stuff.

Wed Jun 13 14:00:00 2007 wrAATTrosenauer.org
- update to maintenance release 2.0.0.4
- update enigmail to 0.95.1
- adopted patches:

* fixed cups-paper.patch (copied from FF)

* removed obsolete visibility.patch

Tue Jun 12 14:00:00 2007 mawAATTsuse.de
- Merge chagnges from the build service (thanks, Wolfgang)
- Now use l10n-%{version}.tar.bz2 instead of l10n.tar.bz2 as
before.

Tue Jun 5 14:00:00 2007 mawAATTsuse.de
- Security update to version 1.5.0.12 (#271197).

Tue Jun 5 14:00:00 2007 sbrabecAATTsuse.cz
- Removed invalid desktop category \"Application\" (#254654).

Thu Apr 19 14:00:00 2007 wrAATTrosenauer.org
- update to final version 2.0.0.0
(http://www.mozilla.com/en-US/thunderbird/2.0.0.0/releasenotes/)
- update enigmail to 0.95.0

Wed Apr 18 14:00:00 2007 mfabianAATTsuse.de
- add Japanese to the languages which get PANGO enabled in the
start script to support the Japanese combining characters
U+3099 U+309A (see bugzilla #262718 comment #29).

Thu Apr 12 14:00:00 2007 wrAATTrosenauer.org
- update to 2.0.0.0rc1
- enabled translations package

Fri Mar 30 14:00:00 2007 wrAATTrosenauer.org
- update to snapshot 2.0.0.0pre-20070329
- security update enigmail 0.94.3
(Bugtraq #22758)

Fri Mar 30 14:00:00 2007 meissnerAATTsuse.de
- require unzip

Tue Mar 13 13:00:00 2007 wrAATTrosenauer.org
- update to snapshot 2.0pre-20060312
- removed implicit NSS version dependency

Thu Mar 8 13:00:00 2007 meissnerAATTsuse.de
- Upgraded to 1.5.0.10 security release.
- Upgraded to enigmail 0.94.2.

Thu Feb 15 13:00:00 2007 wrAATTrosenauer.org
- update to snapshot 2.0beta2-20060214
- fixed build on SLES9

Mon Feb 5 13:00:00 2007 wrAATTrosenauer.org
- fixed check in add-plugins.sh (#242237)

Tue Jan 30 13:00:00 2007 mawAATTsuse.de
- Add thunderbird-1.5.0.8-uninitalized-vars-232305.patch (#232305).

Fri Jan 19 13:00:00 2007 mawAATTsuse.de
- Add undefined-ops.patch, silencing some warnings.

Thu Nov 9 13:00:00 2006 jhargadonAATTsuse.de
- security update to version 1.5.0.8

Tue Sep 12 14:00:00 2006 starkAATTsuse.de
- security update to version 1.5.0.7

Mon Aug 14 14:00:00 2006 starkAATTsuse.de
- update enigmail to 0.94.1

* Added support for signing attachments with inline-PGP
- update mailredirect to 0.7.4
- added backend patch to allow replies to list with
ReplyToListThunderbirdExtension (#199125, bmo #45715)
- added mailnews.clobber_list_reply pref which switches
\"Reply All\" to \"Reply List\" functionality if set

Thu Jul 27 14:00:00 2006 starkAATTsuse.de
- security update to version 1.5.0.5 (#195043)
- fixed overwrite confirmation for GTK filesaver (#179531)


  
ICM